Open augustoproiete opened 6 years ago
I think that would be fine, but not something I'm likely to pay much attention to myself.
Interesting read on this topic: Why NuGet Package Signing Is Not (Yet) for Me
A necromancing Devils Advocate afterthought re anti-virus false positives... still "not (yet)"? Full disclosure; havn't read the links or researched yet...
Today, NuGet introduced the concept of signed package submissions, giving us the ability for package authors to sign packages.
Issue #197 is already a good step towards package authenticity, and the concept of signing packages goes even further.
Opening this issue to start the discussion, as there might be costs involved in obtaining a code signing certificate that is trusted by nuget.org, which is one of the requirements.
Compatibility: