Switch to std-uritemplate

[andreaTP]

Fix #122

[baywet]

Blocking until we solve for the casing issue in the generation

[andreaTP]

Updated to 0.0.40 (with the improved publishing) and the fix landed in the main repo.
This should be good to go 🙂

[andreaTP]

Is there anything I can do to help move this forward?
In my understanding, all the bugs have been fixed already.

[baywet]

@andreaTP I think one of the last thing that's missing for std uri template is for it to be digitally signed. But maybe that's only a requirement for Microsoft owned assemblies. It's a bit of a gray area. Note: we also depend on OpenTelemetry which is not digitally sign.
@andrueastman are you able to provide more details about the potentially digital signature requirements in dotnet?

Also having another look at this thread is seems that besides digital signature, ownership of the package is still an issue. I just created an organization Std.UriTemplate, to which I've sent you an invite.
If you could:

1. accept the invite
2. transfer the package to the org
3. update the token you setup for releasing to be an organization package instead of a personal one (otherwise the next version will go back to your personal account)

(as a general rule of thumb this is probably something we should follow for all package feeds as a reliability approach)

[andreaTP]

Thanks @baywet for helping out here!
Looks like packages can have co-owners and I can keep the token, let me know if this is enough.

[baywet]

I'd advocate for making the organization only as owner of the package to fully address the concern voiced by the user.

[andreaTP]

Ok, completely open about this, done 👍

[baywet]

Thanks for making the changes. LGTM. @andrueastman for final review and to provide input on digital signature.

[andreaTP]

Thanks @baywet for checking everything!
Please note that we are on-par with the OpenTelemetry libraries and this is an interesting assessment done on their side.

Additionally, we are not making the current situation worse as Tavis doesn't have a digital signature as well IIRC.

[andrueastman]

I just created this PR to address the deterministic builds issue in the generated package for source link. std-uritemplate/std-uritemplate#72 otherwise this looks good to me.

Additionally, we are not making the current situation worse as Tavis doesn't have a digital signature as well IIRC.

This is true, the Tavis dlls are not signed now and moving forward would be keeping the situation as is. Failing to have a Strong name is what can be blocking for users as some runtimes won't run/build if a dependency isn't strongly named (which is addressed).

Like the challenge for OpenTelemetry, the issue would be figuring out certificate management for the signing of the package as at the moment, our current packages are signed using a signing service available in ADO which makes it easier in this end.
As this wouldn't really be a regression and we can probably move forward with the change and figure out the best methods for certificate management and sort this out separately (as signing the package with MSFT certs would be confusing for the end user).

[baywet]

@andrueastman can you push a changelog entry and version bump to this PR please? (minor, today)