Use a deterministic order for adding files to nuget packages #14448

@omajid

Description

NuGet Product(s) Involved

dotnet.exe

The Elevator Pitch

With reproducible builds, software can become more trustworthy, transparent and secure. It becomes easier to verify that binaries have not been tampered with, and easier to identify some types of security attacks.

As part of that, it would be great if nupkgs were fully reproducible.

One current area of non-reproducibility in nuget packages is the order of files in the .nupkg files. NuGet.Client's PackageBuilder uses a HashSet to order the files when adding them to a nupkg, and the order can change randomly from build to build. It would be great if the order of the files in a nuget package were deterministic.

Additional Context and Details

This ties to dotnet/source-build#4963
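
A .nupkg is a zip archive, so the effect of entry order on the package hash can be checked with any zip library. The following is an added example, not part of the original issue and not NuGet.Client code; the file names and contents, the pinned timestamps and the choice of an ordinal sort are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# Constructed sample contents; not taken from any real package.
SAMPLE_FILES = {
    "Example.nuspec": b"<package><metadata><id>Example</id></metadata></package>",
    "lib/net8.0/Example.dll": b"MZ constructed placeholder bytes",
    "README.md": b"# Example\n",
    "[Content_Types].xml": b"<Types/>",
}
# Assumption: timestamps are pinned so that entry order is the only variable.
FIXED_TIME = (1980, 1, 1, 0, 0, 0)

def build_package(names, files=SAMPLE_FILES, sort=False):
    """Write entries in the given order (or ordinal-sorted); return archive bytes."""
    order = sorted(names) if sort else list(names)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in order:
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, files[name])
    return buf.getvalue()

def digest(pkg):
    return hashlib.sha256(pkg).hexdigest()

def entry_order(pkg):
    """Entry names in the order they are stored in the archive."""
    with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
        return zf.namelist()

def same_content(a, b):
    """True when two archives hold identical entries, ignoring their order."""
    def contents(pkg):
        with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
            return {n: zf.read(n) for n in zf.namelist()}
    return contents(a) == contents(b)

if __name__ == "__main__":
    order_a = list(SAMPLE_FILES)            # one enumeration order
    order_b = list(reversed(order_a))       # same set, different order
    a, b = build_package(order_a), build_package(order_b)
    print("same content:", same_content(a, b))
    print("unsorted digests equal:", digest(a) == digest(b))
    sa, sb = build_package(order_a, sort=True), build_package(order_b, sort=True)
    print("sorted digests equal:", digest(sa) == digest(sb))
    print("sorted entry order:", entry_order(sb))
```

When two builds of the same package disagree on hash, comparing `entry_order` and `same_content` separates an ordering difference from a real content difference.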
