There are many situations where you _have_ to have a strong key, for example,
GAC deployments.
In those cases, anything in the chain also has to have a strong key. Most OSS
in .NET have signed binary releases, and the snk is usually in the source
code.


On Mon, Feb 21, 2011 at 6:55 AM, Stefan Bodewig <bode...@apache.org> wrote:

> On 2011-02-20, Robert Jordan wrote:
>
> > On 20.02.2011 07:49, Stefan Bodewig wrote:
> >> If you talk about strong naming assemblies then I don't have any
> >> experience how a well designed scheme of sharing the key between several
> >> developers might work.  As the maintainer of XMLUnit I'd be interested
> >> in a good solution myself.
>
> > Many open source projects are keeping the key pair (*.snk)
> > together with the source code in their repository because
> > the security significance of the key is zero.
>
> > Given how .NET assembly signing was designed, no one
> > would be able to generate a compatible Lucene.Net assembly
> > from source code w/out having to update assembly
> > references in all projects using Lucene.Net.
>
> > This is hardly compatible with open source principles
> > and should be avoided.
>
> I agree but users have asked for a strong named version of XMLUnit in
> the past so I was thinking about providing one as alternative.  I've
> seen similar user requests for log4net or NUnit as well.
>
> Stefan
>
