Open ns8482e opened 2 years ago
Isn't signed?!!
The nuget package is but not dlls
this is how its for JSON.NET
What benefits signing the DLLs bring?
Yes it's confusing as Microsoft doc says there is not material benefit for .NET 5+ but NET assemblies are signed for 5+
What benefits signing the DLLs bring?
For same reason as .NET assemblies are signed for - For the users who are digitally signing their assemblies - they can't use OrchardCore as it's not signed
But if you are using the source code of Orchard Core then you can easily sign these assemblies for yourself. If we sign them then everyone becomes dependent on the key owner.
I will understand this is issue as a request to delay sign the assemblies. Then I would say it's totally fine, let's create a snk file and add it to the repos, and add the AssemblySign property in the common csproj.
https://github.com/sebastienros/fluid/blob/main/Common.props#L35 https://github.com/sebastienros/fluid/blob/main/Fluid.snk
Is your feature request related to a problem? Please describe.
Add digital signature for OrchardCore assembly