Azure / azure-webjobs-sdk-extensions

Azure WebJobs SDK Extensions
MIT License

Sign the Extension assemblies #41

Closed mathewc closed 5 years ago

mathewc commented 8 years ago

With the same key that other WebJobs SDK packages are signed with. Currently we're not signing.

mathewc commented 8 years ago

However, we're blocked by the fact that NCronTab is not signed, and we have a dependency on it. http://www.nuget.org/packages/ncrontab/. Issue created in that repo: https://github.com/atifaziz/NCrontab/issues/8.

davidebbo commented 8 years ago

You're going to start a religious war here. Note that if we strong name it, we need to keep the version fixed. See what I went through a few years ago for WebActivator: https://github.com/davidebbo/WebActivator/wiki/Signing-WebActivator

mathewc commented 8 years ago

@davidebbo All the WebJobs SDK core assemblies are signed as per long-standing policy, and people have no problems using those packages. The WebJobs SDK Extensions are part of that grand tradition, so it seems they should also be signed. Why is this a problem?

davidebbo commented 8 years ago

It's ok to sign them. But when doing this, the important thing is to freeze the assembly version and never change it. That's the scheme Json.NET and some other top packages switched to in order to save users from too much pain.

mathewc commented 8 years ago

Update: The author of NCronTab has graciously uploaded a signed version of his package as NCronTab.Signed, so we're unblocked here.

nimishrocksster commented 8 years ago

We are also experiencing this issue and our service deployment is blocked on this.

mathewc commented 8 years ago

Since this issue was created, we've onboarded a lot of additional packages in the Extensions project (e.g. ApiHubs, NotificationHubs, etc.). We want our signing story to be consistent across all these packages I believe, so we should see if the requisite assemblies for these other packages are also signed. Otherwise we'll be in a world where some Extension packages are signed, and some are not, which is messy.

joymon commented 6 years ago

Any update on signing? I checked the 2.1.0 nuget pack and it's still not signed. https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions/2.1.0

It's very difficult to use this at Enterprise.

cdhawan commented 6 years ago

Kindly strong-name and Authenticode-sign these assemblies.

paulbatum commented 5 years ago

All published NuGet assemblies relating to WebJobs 3.x / Functions 2.x are now strong name signed, including the extension assemblies. We will not be able to make any changes to signing for earlier versions of the extension assemblies as this would be a breaking change.

Closing this as resolved.