Comments (10)
dazinator
commented on June 16, 2024
Agreed!
from dotnet.glob.
Denis535
commented on June 16, 2024
I'm getting error:
System.IO.FileLoadException: 'Could not load file or assembly 'DotNet.Glob, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. A strongly-named assembly is required.
How I can use your package now? Or when will you fix it?
Also why Version=1.0.0.0? I installed 1.6.9.
from dotnet.glob.
dazinator
commented on June 16, 2024
Re: the versioning, see #30.
Apologies for the delay.
Feel free to submit a PR if this is causing you a delay.
from dotnet.glob.
dazinator
commented on June 16, 2024
@Deni35 - do you still require a signed version? There is lot's of debate about how to handle signing keys for open source projects, for example read the first couple of answers here: https://stackoverflow.com/questions/396143/net-opensource-projects-and-strong-named-assemblies
If this is something that's still in demand I'd consider it further.
from dotnet.glob.
dazinator
commented on June 16, 2024
.. and by the way, as of the latest pre-release, the version stamping of the assembly should be fixed.
from dotnet.glob.
dazinator
commented on June 16, 2024
I am closing this for now. If you require a signed version of this package let me know. One way to achieve this is to fork the repo, and build it yourself with your own signing key.
from dotnet.glob.
Denis535
commented on June 16, 2024
I've make my own simple Glob.
I do not understand what is difficulties you to sign your package?
from dotnet.glob.
dazinator
commented on June 16, 2024
Ok cool.
The difficulty with signing is that this is an open source project that anyone can clone / fork and build and I dont want to add a private key file to the repo as that will render the value of the signature worthless from a security perspective. If anyone can produce the assembly with the same signature, then the signature doesn't really help you verify the publisher. I acknowledge it would have solved your immediate issue of requiring a signed assembly.
If you google this topic there is quite a bit of debate about it. Some people with open source projects just expose the private key anyway.
The long and short of it is that the simplest anwser for me right now is to not sign at all, because then I have no key to manage. However If I get more demand for this I will try to put something in future by setting up the private key on the build server, and keeping it secret by not adding it to the repo.
from dotnet.glob.
Denis535
commented on June 16, 2024
If I will fork this repo and build myself then I will not receive new version.
And If I will need 100500 packages and to sign its myself then this will turn my life into hell.
I understand you but it's simple project which makes no sense to protect. It makes sense to sign to use together with signed packages.
I do not see anything terrible to publish your private key. As I said it's very simple project.
from dotnet.glob.
dazinator
commented on June 16, 2024
As of version 2.0.3 which will appear on nuget shortly (if not already) - the assembly is now strongly signed. Thanks for raising the issue. I managed to use AppVeyor secure-file and secure variables in order to keep the private key secure.
from dotnet.glob.
Related Issues (20)
- Incorrect match with ** HOT 6
- IndexOutOfRangeException with ** HOT 9
- Bring dotnet glob to sql clr and ef core! HOT 2
- New option for parsing behaviour of invalid ** HOT 9
- Enable sourcelink HOT 1
- Fix build - GitVersion issue. HOT 2
- Build failing
- How to enumerate files and folders with glob? HOT 1
- Cannot build, deprecated dotnet dependencies and more HOT 2
- "**/.*" unexpectedly matches paths ending with dot HOT 4
- Glob failing on matching `/` with Index was outside the bounds of the array HOT 2
- Consider joining the .NET Foundation
- Double check character class logic HOT 1
- Composite character ranges
- Matching partial paths? HOT 2
- Having a dot after a wildcard in a pattern that also has literal directory and wildcard directory matchers can fail to match a valid path HOT 2
- Lots of bugs HOT 7
- Linux filenames with slashes HOT 3
- Multiple Glob Patterns HOT 2
- Inconsistent Matching HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dotnet.glob.