Signed dlls required #687
Comments
|
Which version are you using? I've checked the latest package and all the libraries are signed.
Notice that the key used to sign these packages is public, which means that anyone can produce a modified version of the library and sign it. This signature is just a convenience for users requiring a strong named assembly. |
|
The version is the current latest: 11.2.1 I'm actually referring to the digital signature of the .dll contained in the package. See side-by-side of yamldotnet dll and a signed dll: |
|
The only signature that is provided is the .NET assembly signature, which is the standard practice in the .NET world, as far as I can tell. I suggest that you setup your own CI pipeline to sign the dlls yourself. The build should be easy to replicate. You can base yourself on appveyor.yml. |
|
Closing this issue. |
My team uses this package to convert c# objects to yaml.
However, we need a signed version of YamlDotNet.dll.
The nuget package is signed but the actual dll isn't signed, and this is triggering violations on our end.
Could we have this update?
The text was updated successfully, but these errors were encountered: