Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
FluentAssertions package is not Authenticode signed
See original GitHub issueDescription
FluentAssertions package is not Authenticode signed
Complete minimal example reproducing the issue
Our compliance requirement to use this package to prevent supply-chain attacks is that it is Strong Name and Authenticode signed. StrongName proves it was not tampered, and Authenticode proves who produced the binary.
Actual behavior:
FluentAssertions binaries are StrongName signed but not authenticode signed.
sn.exe -vf "...\fluentassertions.5.6.0.nupkg\lib\net45\FluentAssertions.dll"
Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.0
Copyright (c) Microsoft Corporation. All rights reserved.
Assembly '...\fluentassertions.5.6.0.nupkg\lib\net45\FluentAssertions.dll' is valid
However it is not authenticode signed.
chktrust -v <binary>
pops a dialog saying the publisher cannot be verified. Can also right click the binary and check signature to see there is none.
Versions
- Which version of Fluent Assertions are you using? 5.6.0
- Which .NET runtime and version are you targeting? E.g. .NET framework 4.6.1 or .NET Core 2.0. All
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Maybe you can sign code with the support of the dot net foundation? https://dotnetfoundation.org/about
Correct. And I don’t own that certificate. CloudFare is the one doing the SSL encryption.