NuGet package improvements

[swharden]

Hi @OldNo7, thank you for responding to my message! I really appreciate you creating this package and sharing its source code, and would love to recommend it for use in future projects.

I wish to make the following improvements to this project. If I create a few PRs, would you be willing to merge them in and update the package on NuGet? Specifically I'd like to:

• [x] modify the csproj to better connect the NuGet package with this github repo
• [x] include debug symbols and enable sourcelink (to improve debugging)
• [x] enable reproducible/deterministic builds (for security)
• [x] update the csproj file to ignore the remaining warnings
• [x] add a license expression to clarify that License.txt is MIT
• [x] add a changelog.md and pull that information out of the csproj file
• [x] remove UserSecretsId from the csproj file
• [x] add a github action to ensure the package builds as expected on every commit
• [ ] (I won't do this unless you ask for it) add a manually-triggered github action only you can execute which pushes the package built by GitHub Actions directly to NuGet. This would require you creating an API key and adding it as a secret in the settings section of this repository. It is convenient to be able to publish NuGet packages directly from GitHub without building anything on your local machine, but also I can see where a package like this would be rarely updated so the manual process may not be too laborious.

If you're in favor I can make all these changes with a single PR (or separate PRs if you prefer) some time over the next few days.

Thank you for your input!

[OldNo7]

I would be willing to accept your pull request. I welcome the opportunity to learn somethings from it.

Just so you know I did not create this code. I downloaded it from FTDI. I just wrapped it up in a new project so I could compile it for .netstandard 2/2.1 and .net 4 due to someone requesting it.

[swharden]

Just so you know I did not create this code. I downloaded it from FTDI.

Thanks for clarifying this. I understand it's mostly unmodified code as downloaded from https://ftdichip.com/software-examples/code-examples/csharp-examples/

Clarifying my motivations, this is the most popular FTDI wrapper on NuGet https://www.nuget.org/packages/FTD2XX.Net with over 50k installs, and I am personally interested in adding a few features to this widely used package to enhance security, provide additional documentation, and clarify licensing.

Note that I'm working on a similar package (https://github.com/swharden/FtdiSharp/, it's not on NuGet yet) that has higher level classes to manage devices and simplify common communication protocols for FT232H (I2C, SPI, FIFO, etc.) which is what led me to research similar packages in this space.

[swharden]

Hi @OldNo7, I finished PR #2

When you build the solution, package files (.nupkg and .snupkg) will be in bin/Release/

You can upload them from the NuGet website or via command line

Feel free to reach out if you have any questions!

Is authorship intentionally anonymous?

I highly recommend you add your name and contact information to your GitHub profile (https://github.com/OldNo7), to this repository's readme file, and also in the csproj file's authors tag. There is growing concern in the developer community about preventing supply chain attacks. I have no doubt your project is legitimate, but you have the equivalent of push rights to any project that uses this NuGet package as a dependency. A bad actor could place malicious code in a new version of a NuGet package, and all the projects that depend on it and automatically upgrade to the latest version may be unwittingly deploying malicious code along with their applications. Being able to attribute this package to a real person goes a long way toward establishing credibility. If you wish to remain anonymous I definitely understand, but consider transferring the repository/package to someone named who can maintain it.

• https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#authors