Hi Tom, We are currently developing ASP .NET applications that use strong-named assemblies. We do not install any of our assemblies in the GAC, and everything works as expected.
You shouldn't have to put your assemblies in the GAC in order for ASP to be happy. Regards, Mark -----Original Message----- From: Whitner, Tom [mailto:[EMAIL PROTECTED] Sent: 21 June 2006 19:32 To: Log4NET Dev Subject: RE: Strong name private key policy We are facing a similar question with some internal code. We have decided, at least for now, to produce both strong named and non-strong named binaries. Most agree that the strong named option is preferred. However, due to ASP.NET'sbehavior when loading strong named assemblies (i.e. it requires the GAC), not all individuals can/will tolerate GAC installation on highly locked down server. Hence, having the non-strong versions has become a necessity. - Tom -----Original Message----- From: Nicko Cadell [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 21, 2006 1:59 PM To: Log4NET Dev Subject: RE: Strong name private key policy > Please don't revert to the old days where log4net was not > strong named. > This would require all developers (including myself) to build > log4net from source if they wanted to use it from an already > strong named assembly. I don't think that releasing versions of log4net that are not strongly named is an option we can take. The only question is do we open source the strong name private key or do we keep it private (as we currently do). If we do not make our strong name private key open then users of applications that bind to the log4net strong name cannot build and substitute their own version of the log4net assembly. The only way in which they could would be it the main application is open source and therefore they can rebuild it from source, and therefore change its binding to a different log4net strong name. There needs to be a balance between application author security and user freedoms. At the moment we come down on the side of the application author and do curtail the user's freedom to replace the log4net binary. I believe that this is Microsoft's intention in designing the strong name binding system, especially as they do not allow a binding redirect configuration on the user's machine to redirect from one public key to another (only version may be redirected). It is likely that we will need to discuss this situation with the wider Apache community rather than just the log4net or the other Apache .net projects. Nicko This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this e-mail in error you must not copy, distribute or take any action in reliance on it. Please notify the sender by e-mail or telephone. We utilise an anti-virus system and therefore any files sent via e-mail will have been checked for known viruses. You are however advised to run your own virus check before opening any attachments received as we will not in any event accept any liability whatsoever once an e-mail and/or any attachment is received. Any views expressed by an individual within this e-mail do not necessarily reflect the views of Systems Union Group plc or any of its subsidiary companies.
