
Digitally sign ZXing NuGet package assemblies

Open timo352 opened this issue 1 year ago • 2 comments

Currently, the ZXing NuGet Packages contain assemblies that are unsigned. There is a chance that AV software will flag the .dlls as untrustworthy.

It is probably best practice to get these DLLs signed inside the NuGet package to verify that they are from a VERY trustworthy source 😄

timo352 avatar Jul 09 '24 18:07 timo352

Timothy, are you referring to Authenticode signing or strong naming?

If either of these, it might be best to have separate NuGet packages for them.

Getting and using an Authenticode signing cert is not cheap, ~$200-300 USD/year + ~$100 USD/token. Nor is it user-friendly to use; they now require a hardware token and are limited to a max of 3 years.

Regards, Kim


Kim-SSi avatar Jul 10 '24 03:07 Kim-SSi

I will never provide assemblies which are signed with Authenticode because of the costs. This is an open source project.

If there are assemblies in the NuGet packages which don't have a strong name, please list them here.

micjahn avatar Oct 23 '24 05:10 micjahn
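
The thread distinguishes two separate mechanisms, strong naming and Authenticode signing. The following is an added example, not code from the ZXing.Net project or from anyone in the thread: a PowerShell function that reports both properties for every DLL inside a `.nupkg`, which is one way to produce the list requested in the last comment. The function name and the package path in the usage comment are hypothetical, and `Get-AuthenticodeSignature` is assumed to be available (Windows).

```powershell
# Added example: report strong-name and Authenticode status for each DLL in a .nupkg.
# Get-PackageSignatureReport is a hypothetical helper name, not part of any project.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-PackageSignatureReport {
    param([Parameter(Mandatory)][string]$PackagePath)

    # A .nupkg is a zip archive; extract it to a throwaway directory.
    $work = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
    [System.IO.Compression.ZipFile]::ExtractToDirectory((Resolve-Path $PackagePath).Path, $work)
    try {
        Get-ChildItem -Path $work -Recurse -Filter *.dll | ForEach-Object {
            $token = $null
            $managed = $true
            try {
                # Reads assembly metadata only; the assembly is not loaded or executed.
                $name = [System.Reflection.AssemblyName]::GetAssemblyName($_.FullName)
                $bytes = $name.GetPublicKeyToken()
                if ($bytes -and $bytes.Length -gt 0) {
                    $token = -join ($bytes | ForEach-Object { $_.ToString('x2') })
                }
            } catch [System.BadImageFormatException] {
                $managed = $false   # native DLL: strong naming does not apply
            }
            # Authenticode is independent of the strong name and is checked separately.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File           = $_.FullName.Substring($work.Length + 1)
                Managed        = $managed
                # A token means the metadata carries a public key; it does not
                # by itself prove the strong-name signature bytes are valid.
                StrongNamed    = [bool]$token
                PublicKeyToken = $token
                Authenticode   = $sig.Status   # e.g. Valid, NotSigned
                Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    } finally {
        Remove-Item -Path $work -Recurse -Force
    }
}

# Usage (placeholder path):
# Get-PackageSignatureReport -PackagePath .\package.nupkg | Format-Table -AutoSize
```

Rows with `Managed` true and `StrongNamed` false are the assemblies without a strong name; `Authenticode` of `NotSigned` is the state the original report describes.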