Fleck icon indicating copy to clipboard operation
Fleck copied to clipboard

Published 20 hours ago verified publisher icon statianzo

nuget libraries unsigned

Open btarb24 opened this issue 5 years ago • 3 comments

Can the libraries please be signed before being published to nuget? Leaving them unsigned adds a requirement that consumers need to add pre-build steps to sign the libraries. This effort needs duplicated for each framework being used.

btarb24 avatar Mar 26 '19 14:03 btarb24

I think this is a good time to consider this. Microsoft just released their new Open-source library guidance and advise strong naming. This is one of a ever-smaller handful of libraries I use that prevent me from strong-naming portions of my code (the option to sign an external library on build exists, but that is conceptually broken for many reasons). EasyNetQ has resisted this also for a long time as well and they are finally relenting...

StevenBonePgh avatar Mar 26 '19 15:03 StevenBonePgh

:+1: I had to clone and build from source, but I'd much rather get strong named assemblies in a nuget package.

jmh76 avatar Mar 29 '19 15:03 jmh76

If anyone can give a PR that does signing during the Appveyor build, I'm fine with bringing it in.

statianzo avatar Mar 29 '19 16:03 statianzo