I can’t find the signed httpclient on nuget.
Also, why do you have signed and unsigned versions? Why not just sign them all? I just recently went thru the painful task of uninstalling unsigned nugets and replacing with signed version due to a component that required the signed client.
Thanks,
Brian
Not every package is Signed, just the popular ones listed on downloads. I’ll look at creating a Signed version of HttpClient.
Because signing packages is a legacy OSS-hostile mistake that’s perptuated virally, causes friction and runtime issues whilst providing zero value and no security benefits. The few developers that need strong-named libraries should use the isolated .Signed packages where it won’t have any impact on everyone else who doesn’t need strong named libraries.
went thru the painful task of uninstalling unsigned nugets and replacing with signed version due to a component that required the signed client.
Which is an issue with the component requiring Strong name libraries.
There’s a new ServiceStack.HttpClient.Signed NuGet package that’s available from v4.5.5 that’s now available on MyGet.
I fully understand the legacy argument and don’t disagree, but the unsigned dll’s (from 3rd parties) perpetuate the friction since signed dll’s can be consumed in any use case. You could save yourself from maintaining the separate nugets.
It would cost us more time in the long run in support and diagnosing strong name issues, but even if it didn’t the extra maintenance is worth improving the user experience of our libraries over the majority of our customer base.