Digitally sign ZXing NuGet package assemblies

[timo352]

Currently, the ZXing NuGet Packages contain assemblies that are unsigned. There is a chance that AV software will flag the .dlls as untrustworthy.

It is probably best practice to get these DLLs signed inside the NuGet package to verify that they are from a VERY trustworthy source 😄

[Kim-SSi]

Timothy, Are you referring to authenicode signing or strong naming? If either of these it might be best to have seperate NuGet packages for them. Getting and using an authenicode signing cert is not cheap, ~$200-300 USD/year + ~$100USD/token. Or user friendly to use, they now require a hardware token and are limited to a max of 3 years. Regards, Kim On 10/07/2024, at 06:43, Timothy Smith ***@***.***> wrote: Currently, the ZXing NuGet Packages contain assemblies that are unsigned. There is a chance that AV software will flag the .dlls as untrustworthy. It is probably best practice to get these DLLs signed inside the NuGet package to verify that they are from a VERY trustworthy source 😄 — Reply to this email directly, view it on GitHub<#578>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AGXVKJGSDH2WLUWYQI4XMYLZLQVOHAVCNFSM6AAAAABKTNNPLCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGM4TQOJQGQYDEMI>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>