All Lucene.NET assemblies are signed, aka strongly named. We are starting to run into problems with dependencies which not being signed. What's becoming more common in the .NET world (OSS mainly) is to stop signing assemblies because its pretty<http://stackoverflow.com/questions/20105103/are-signed-net-assemblies-ever-fully-verified-when-loaded-to-check-they-haven> much<http://stackoverflow.com/questions/1197133/anything-wrong-with-not-signing-a-net-assembly> useless <http://msdn.microsoft.com/en-us/magazine/cc163583.aspx> (in the last link: What Strong Names Can't Do).
Regardless of the argument about SN it seems to bring more fraction and trouble than anything good, especially considering we are an open-source library. Case in question, I'm moving to updating the spatial module and want to fetch dependencies from nuget. While spatial4n is signed (so it can be used from Lucene.NET), NTS+GeoAPI are not and don't appear to get signed any time soon. Since signed assemblies cannot reference non-strongly-named assemblies, I can't currently do that - not through nuget at least. This introduces a lot of frustration and tons of fraction which I'd like to have removed. Ideally I'd want to move to removing strong-naming from all Lucene.NET assemblies (v4 and forward), and having a wiki page that describes why signing is pointless and how to manually sign it if you insist. I can see 2 disadvantages for not signing, both of which I doubt really matter nowadays and given our usage scenarios: 1. Deploy Lucene.NET to the GAC without further steps (non-signed assemblies can be SN or ILMerged as part of the install process) 2. Signed assemblies / project won't be able to get Lucene.NET from nuget directly because they'll have to sign it before referencing it. Or lose SN themselves. Thoughts? -- Itamar Syn-Hershko http://code972.com | @synhershko <https://twitter.com/synhershko> Freelance Developer & Consultant Author of RavenDB in Action <http://manning.com/synhershko/>
