Open FilipVanBouwel opened 4 years ago
Callisto82
commented
4 years ago Hi Filip,
I did not create that nuget package. You can download the binary release from github though, if you like.
So with regard fort he nuget package: I don’t actually know how to update a package that someone else created. And I also did not yet look into how the signing process works.
Do you have any information about one of these points?
Kinds regards Michael
FilipVanBouwel
commented
4 years ago Signing an assembly is pretty straightforward. Just create a Strong Name Key (.snk) file that contains a public/private key. Put it into your project and on the project properties, signing tab, check 'sign the assembly' and browse to that .snk file you added to the project.
Steps :
olijf
commented
4 years ago @FilipVanBouwel one easy way of consuming unsigned nuget packages is by installing the strongnamer nuget package (https://github.com/dsplaisted/strongnamer). It takes away the hassle of having to find signed nuget packages. As dotnet core is moving away from signed assemblies to fit more into the FOSS mentality/model we can expect in future versions the signing to be omitted completely
Callisto82
commented
1 year ago Does the suggestion from @olijf solve your problem then, @FilipVanBouwel?
FilipVanBouwel
commented
1 year ago Does the suggestion from @olijf solve your problem then, @FilipVanBouwel?
We switched to unsigned assemblies last year when migrating to .NET 6, so my problem kinda went away on its own. :-)
It's annoying if we have to add al lthe source code to our project just for the sake of signing it. This makes it so much harder to get the latest version as you would normally do through nuget.
Any chance you can sign the assembly by default?