Okay, cool On Mon, Feb 21, 2011 at 11:27 AM, Robert Jordan <robe...@gmx.net> wrote:
> On 21.02.2011 05:55, Stefan Bodewig wrote: > >> On 2011-02-20, Robert Jordan wrote: >> >> On 20.02.2011 07:49, Stefan Bodewig wrote: >>> >>>> If you talk about strong naming assemblies then I don't have any >>>> experience how a well designed scheme of sharing the key between several >>>> developers might work. As the maintainer of XMLUnit I'd be interested >>>> in a good solution myself. >>>> >>> >> Many open source projects are keeping the key pair (*.snk) >>> together with the source code in their repository because >>> the security significance of the key is zero. >>> >> >> Given how .NET assembly signing was designed, no one >>> would be able to generate a compatible Lucene.Net assembly >>> from source code w/out having to update assembly >>> references in all projects using Lucene.Net. >>> >> >> This is hardly compatible with open source principles >>> and should be avoided. >>> >> >> I agree but users have asked for a strong named version of XMLUnit in >> the past so I was thinking about providing one as alternative. I've >> seen similar user requests for log4net or NUnit as well. >> > > Yes, the last part of my mail was misleading. I was actually > proposing to keep Lucene.Net's SNK key together with the > source code and to sign the assembly during the build process. > > Robert > > >