Settings and activity

We'd love this feature.

Using System.IO.Packaging would be one of the ways to sign the packages. Also, once the NuGet package signing features are finalized, it would be nice when these would be supported:

* https://github.com/NuGet/Home/issues/1882
* http://blog.nuget.org/20150203/package-signing.html

In our situation where we consume packages provided by an external source (Nuget feed), we'd like to verify that any package sources from these feeds is actually also signed by a trusted party before we install it.

In the banking environment I'm currently working another common way to validate packages is through PGP/SSHkey signing of packages, similar to how a number of Unix package managers handle package signatures:

* https://www.davidfischer.name/2012/05/signing-and-verifying-python-packages-with-pgp/
* https://github.com/node-forward/discussions/issues/29

These solutions are not ideal in a public repo setting, but on private repo's with limited sets of keys, it works really well.