Version 3.0.4? #325
Comments
|
Are you running into any issues? The package is working as it is. |
|
Update: Yes, it works, as far as I can tell. But in the light of the recent supply chain attack with that compression library, some more transparency is needed here. Everybody should be able to build the library from the verifyable source code. If that's not possible, the library is no longer available as open-source. |
|
The nuget package commit hash in the assembly info https://nuget.info/packages/Certes/3.0.4 I think Eddie has been very gracious to supply this code for the community to use, so if in doubt build your own copy. Clearly he just uses it for work and doesn't have time to support a community of users. A lot of the problems users see using the package are a direct result of the users knowing very little about ACME, Certificate Chains, or Let's Encrypt, and that's a support job in itself. We do have a fork over at https://github.com/webprofusion/anvil which is also available as a nuget package but likewise we don't really support it as a community project as it has experimental tweaks and changes specifically used in Certify The Web. We will however commercially support Certify The Web customers who also use that library. |
I see the NuGet package is available in version 3.0.4 and it seems to be necessary to use it to make it work as of Feb 2024. But there is no tag in the source and no changes are documented. So is this package now closed source and undocumented? What code will I be using when installing the new package version? What kind of packaging process is this?
The text was updated successfully, but these errors were encountered: