For 2. this could likely be solved by a proposedAllowUntrustedCertificatesorDisableCertificateValidationtype of flag. There will likely need to be different levers of control here. For example, one might be able to set both of these flags at both the global nuget.config level: ...
A decent workaround would be for example, to allow us to define a environment variable globally for all projects to disable these... This would allow us to proceed and fix all those problems before we halt production. PS2: Some of our projects have directory.build.props, some dont meaning...