Can we skip "Skipping NuGet package signature verification" message?

[richlander]

I see this is multiple scenarios, like:

$ dnx dotnet-runtimeinfo
Tool package dotnet-runtimeinfo@2.0.2 will be downloaded from source https://api.nuget.org/v3/index.json.
Proceed? [y/n] (y):
Skipping NuGet package signature verification.

             dNd                 rich@richs-MacBook-Pro.local
             dNd                 ────────────────────────────────────────
         .dNNNNNNd.              .NET: 10.0.2
       dNNNNNNNNNNNNd            .NET SDK: 10.0.102
      dNNNNNNNNNNNNNNNd          Runtimes: 20
     dNNN.----------.NNNd        SDKs: 10
     dNNN|   ()   ()|NNNd
     dNNN'----------'NNNd        OS: macOS 26.2.0
       dNNNNd    dNNNNd          Arch: Arm64
        dNd |.NET| dNd           CPU: 12 cores
        dNd |    | dNd           Memory: 24.0 GiB
            '----'

It doesn't seem like this adds a lot. It should be documented as a concept "don't expect package verification on macOS".

[baronfel]

Agree - this is in the category of 'high-verbosity diagnostic messages'. This shouldn't be displayed in the normal course of executing a tool, and when it is displayed it should:

• be at a high verbosity only
• be emitted to stderr, not stdout, so that we don't impact the actual output of the tool in question
• be able to be completely silenced with -v quiet

[richlander]

Do we need NuGet to do something here? What's the direction?

[richlander]

Here's another one. This time, two lines for extra measure.

$ dotnet tool install -g --add-source . HelloRid
Skipping NuGet package signature verification.
Skipping NuGet package signature verification.
You can invoke the tool using the following command: hellorid
Tool 'hellorid' (version '1.0.0') was successfully installed.

@aortiz-msft

[baronfel]

I think all of this output is completely controllable by the dotnet CLI. Most tools related output and code stuff is entirely us, we are just using NuGet client APIs to make it happen. Meaning I don't think there's anything actionable here for @aortiz-msft at this time.