Only use legacy signed MathNet.Numerics wrapper on Framework and older Standard

nissl-lab / npoi

a .NET library that can read/write Office formats without Microsoft Office installed. No COM+, no interop.

Apache License 2.0

5.73k stars 1.43k forks source link

Only use legacy signed MathNet.Numerics wrapper on Framework and older Standard #1398

Closed jas88 closed 2 months ago

jas88 commented 3 months ago

.Net Framework cares about legacy "Strong Naming" which is why #785 was opened in 2022, but it's not useful for Core - this PR makes it conditional, so Framework and Standard 2.0 users get that signed variant, Standard 2.1 and Core 6 will get the normal package instead resolving #1365 without upsetting legacy people.

lahma commented 3 months ago

Unfortunate that they have two variants. It's so much easier to just sign the assembly even for modern .NET use and let it ignore the fact. If I remember correctly the advice (at some point at least) was that sign the assembly and have the public key public in repo (don't expect it to be a secret).

jas88 commented 2 months ago

@lahma yes, signing in itself is generally useless but harmless, and they've added a "PublicSigning" option to simplify that too - the problem is that Mathnet.Numerics has two different packages with conflicting names paces, and they specifically advise use of the unsigned variant except for the handful of cases that actually have a use for signing.