-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to std-uritemplate #123
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocking until we solve for the casing issue in the generation
Updated to |
Is there anything I can do to help move this forward? |
@andreaTP I think one of the last thing that's missing for std uri template is for it to be digitally signed. But maybe that's only a requirement for Microsoft owned assemblies. It's a bit of a gray area. Note: we also depend on OpenTelemetry which is not digitally sign. Also having another look at this thread is seems that besides digital signature, ownership of the package is still an issue. I just created an organization Std.UriTemplate, to which I've sent you an invite.
(as a general rule of thumb this is probably something we should follow for all package feeds as a reliability approach) |
Thanks @baywet for helping out here! |
I'd advocate for making the organization only as owner of the package to fully address the concern voiced by the user. |
Ok, completely open about this, done 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for making the changes. LGTM. @andrueastman for final review and to provide input on digital signature.
Thanks @baywet for checking everything! Additionally, we are not making the current situation worse as Tavis doesn't have a digital signature as well IIRC. |
I just created this PR to address the deterministic builds issue in the generated package for source link. std-uritemplate/std-uritemplate#72 otherwise this looks good to me.
This is true, the Tavis dlls are not signed now and moving forward would be keeping the situation as is. Failing to have a Strong name is what can be blocking for users as some runtimes won't run/build if a dependency isn't strongly named (which is addressed). Like the challenge for OpenTelemetry, the issue would be figuring out certificate management for the signing of the package as at the moment, our current packages are signed using a signing service available in ADO which makes it easier in this end. |
@andrueastman can you push a changelog entry and version bump to this PR please? (minor, today) |
Fix #122