Is there a way to reject previously private signing keys?
We finally have an on-prem builder and in the past we shared our keys around. Yes, I know never share your private..
A few scenarios I have seen that I want better protection around:
User does not have access to the origin but is still able to create packages with the old private/public key.
User does have access to the origin and creates packages with the old private/public key AND then is able to publish them in on-prem builder.