lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <bode...@apache.org>
Subject [Lucene.Net] Re: Signing Binary Releases
Date Mon, 21 Feb 2011 04:55:40 GMT
On 2011-02-20, Robert Jordan wrote:

> On 20.02.2011 07:49, Stefan Bodewig wrote:
>> If you talk about strong naming assemblies then I don't have any
>> experience how a well designed scheme of sharing the key between several
>> developers might work.  As the maintainer of XMLUnit I'd be interested
>> in a good solution myself.

> Many open source projects are keeping the key pair (*.snk)
> together with the source code in their repository because
> the security significance of the key is zero.

> Given how .NET assembly signing was designed, no one
> would be able to generate a compatible Lucene.Net assembly
> from source code w/out having to update assembly
> references in all projects using Lucene.Net.

> This is hardly compatible with open source principles
> and should be avoided.

I agree but users have asked for a strong named version of XMLUnit in
the past so I was thinking about providing one as alternative.  I've
seen similar user requests for log4net or NUnit as well.

Stefan

Mime
View raw message