Gert, Signing assemblies is an ambiguous term that can mean applying a strong name to the assembly or verifying the publisher. I am referring to applying a strong name. We don't store the assemblies in the GAC. Currently, we just extend some tasks to better suit our environment and we sign (with a strong name) all of the assemblies we develop internally.
gertdriesen wrote: > > In general, you sign assemblies because: > a) you want to to store them in the GAC > b) to allow users to verify the publisher > Check out Nunit for an example of an open source project that publishes the signing key (strong name) with the source. gertdriesen wrote: > > => our signing key would need to be public to allow users to build NAnt > from > source; hence anyone could have signed the NAnt assemblies > You bring up a great point about 3rd party assemblies (you may have the same problem that I am experiencing!). gertdriesen wrote: > > I haven't checked if all third-party assemblies that we use are signed. If > not, then signing our assemblies is a no-go anyway since all the > assemblies > referenced by a strongly named assembly must also be strongly named. > -- View this message in context: http://www.nabble.com/Why-aren%27t-Nant---NantContrib-Assemblies-signed-tf3548011.html#a9922485 Sent from the NAnt - Users mailing list archive at Nabble.com. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ NAnt-users mailing list NAnt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nant-users
