Tyrrrz
commented
3 years ago After some research, it looks like signed packages are officially discouraged. Is there a specific reason you need this?
Closed KG2501 closed 3 years ago
Tyrrrz
commented
3 years ago After some research, it looks like signed packages are officially discouraged. Is there a specific reason you need this?
KG2501
commented
3 years ago Other popular packages like NLog, Newtonsoft, CsvHelper, CS-Script are signed and a lot others on NuGet that we have used in the past. This library is the first we try to use, that is not signed. The reason for us is, that we typically sign our applications/libraries and then we only can reference signed libraries.
jdmallen
commented
3 years ago Some risk-averse enterprises like in the banking and healthcare industries enforce this in their IT depts.
LoremFooBar
commented
3 years ago I ran into this issue as well. In my case, I am developing a plugin that is dynamically loaded by an assembly that has a strong name, meaning I had to sign my plugin, and all packages I am referencing must have a strong name. As a workaround I published a signed variant of the package to a private NuGet feed. Also opened #101.
Is it possible to add a signature to the NuGet release? It makes it easier to integrate, because most of our libraries are signed.
Otherwise we always have to compile the source by our self and cannot use NuGet.