Digitally sign ZXing NuGet package assemblies #578
Comments
|
Timothy,
Are you referring to authenicode signing or strong naming?
If either of these it might be best to have seperate NuGet packages for them.
Getting and using an authenicode signing cert is not cheap, ~$200-300 USD/year + ~$100USD/token.
Or user friendly to use, they now require a hardware token and are limited to a max of 3 years.
Regards,
Kim
On 10/07/2024, at 06:43, Timothy Smith ***@***.***> wrote:
Currently, the ZXing NuGet Packages contain assemblies that are unsigned. There is a chance that AV software will flag the .dlls as untrustworthy.
It is probably best practice to get these DLLs signed inside the NuGet package to verify that they are from a VERY trustworthy source 😄
—
Reply to this email directly, view it on GitHub<#578>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGXVKJGSDH2WLUWYQI4XMYLZLQVOHAVCNFSM6AAAAABKTNNPLCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGM4TQOJQGQYDEMI>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
|
I will never provide assemblies which are signed with authenicode because of the costs. This is a open source project. If there are assemblies in the nuget packages which doesn't have a strong name, please list them here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the ZXing NuGet Packages contain assemblies that are unsigned. There is a chance that AV software will flag the .dlls as untrustworthy.
It is probably best practice to get these DLLs signed inside the NuGet package to verify that they are from a VERY trustworthy source 😄
The text was updated successfully, but these errors were encountered: