DLL signing? #358
-
|
General question, mostly I don't know what the stand is with this project. Why are the DLLs not signed? I am just looking for a explanation to further my understanding. For context, I work in a environment where unsigned dlls are frowned upon and used as an example of a possible attack vector, as the DLLs and its dependencies can't be trusted or there is not proof the DLL has not been modified. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hi @rruprai1 the packages we release to NuGet (and the dlls included) are all signed by the .NET Foundation, as I can see from my NuGet cache, for example, here:
Are you using preview packages of ours? The ones from integrations with the |
Beta Was this translation helpful? Give feedback.
Hi @rruprai1 the packages we release to NuGet (and the dlls included) are all signed by the .NET Foundation, as I can see from my NuGet cache, for example, here:
Are you using preview packages of ours? The ones from integrations with the
mainbranch should also go through this same signing process. Otherwise, we're going to need more information about what you're seeing or concern is.