please add digital signature to the dlls in the Tomlyn nuget package #71
Comments
For an application (and installer), I understand the value, but for DLL in NuGet packages, what is really the value? Who is doing that today in the OSS space (except big corp like Microsoft)? In general, I'm against digital signing. But even, If I was relying on SignPath, and they remove their free support for OSS, that would cause me problem. Similarly, these certificates are usually time bounded and I would have to handle that. I would also have to change dotnet-releaser to take that into account...etc. Lots of trouble for little value. |
|
I don't sign my assemblies and they're used widely in massive enterprises. Signing changes assembly version compatibility rules (on .NET framework) and adds startup latency. Microsoft says "Strong naming has no benefits on .NET Core/5+. ". https://learn.microsoft.com/en-us/dotnet/standard/library-guidance/strong-naming |
|
Do not rely on strong names for security. They provide a unique identity only. -> https://learn.microsoft.com/en-us/dotnet/standard/assembly/strong-named?source=recommendations |
|
@golden-aries Have you tried that package? |
Hello Alexandre, thank you for sharing your code!
It would be very nice if the dlls in your nuget package were digitally signed.
There are guys out there who can help with signing open source projects dlls without charges.
Here is a link:
SignPath for Open Source projects
I learn about them while exploring Kirill Osenkov's MSBuildStructuredLog. His MsBuildStructuredLog application is digitally signed with a help of a SignPath.
Here are links:
Add mention about SignPath Foundation and free code certificate in Readme.md #681
Thanks to []https://signpath.io/ for generously providing a certificate to sign the installer.KirillOsenkov/MSBuildStructuredLog
The text was updated successfully, but these errors were encountered: