On 21.02.2011 05:55, Stefan Bodewig wrote:
On 2011-02-20, Robert Jordan wrote:
On 20.02.2011 07:49, Stefan Bodewig wrote:
If you talk about strong naming assemblies then I don't have any
experience how a well designed scheme of sharing the key between several
developers might work. As the maintainer of XMLUnit I'd be interested
in a good solution myself.
Many open source projects are keeping the key pair (*.snk)
together with the source code in their repository because
the security significance of the key is zero.
Given how .NET assembly signing was designed, no one
would be able to generate a compatible Lucene.Net assembly
from source code w/out having to update assembly
references in all projects using Lucene.Net.
This is hardly compatible with open source principles
and should be avoided.
I agree but users have asked for a strong named version of XMLUnit in
the past so I was thinking about providing one as alternative. I've
seen similar user requests for log4net or NUnit as well.
Yes, the last part of my mail was misleading. I was actually
proposing to keep Lucene.Net's SNK key together with the
source code and to sign the assembly during the build process.
Robert
