Sign the assemblies that we publish

[mwadams]

We have had a request from @gregsdennis to sign the assemblies, so that we can support upstream users who have signed assemblies, without producing a warning.

[idg10]

Could you or @gregsdennis clarify whether this is a request to:

• make these strongly-named assemblies with a corresponding signature (i.e., nothing certificate based, just the old-school strong name signature that we're now all encouraged not to rely on)
• embed an authenticode code signature in the actual DLLs themselves
• generate a signature for the NuGet package

Or Some combination of the above?

I'm not clear on what exactly is blocking upstream users, so I'm not sure exactly what will be required to support them properly.

[gregsdennis]

The first one. I've been signing my packages forever because it was requested of me long ago. And the system still complains when you reference an unsigned package from a signed one.

I am curious why it's discouraged now, though.