lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ayende Rahien <aye...@ayende.com>
Subject Re: [Lucene.Net] Re: Signing Binary Releases
Date Mon, 21 Feb 2011 12:25:17 GMT
Educate my users?
That is hardly my role. They get the benefit of being able to run a patch
version without undue hassle.
NHibernate 1.x tried to have a secret snk, and that failed pretty miserably

On Mon, Feb 21, 2011 at 2:16 PM, Stefan Bodewig <bodewig@apache.org> wrote:

> On 2011-02-21, Ayende Rahien wrote:
>
> > There are many situations where you _have_ to have a strong key, or
> > example, gac deployments.  In those cases, anything in the chain also
> > have to have strong key.
>
> Yes, I knew that.  Sorry if I sounded stupid.  In most cases I try to
> avoid the GAC and my personal use-case (XMLUnit) is quite different from
> Lucene (i.e. it is less likely to end up as a dependency of something
> that gets deployed to the GAC).
>
> Fortunately my opinion is pretty unimportant here anyway 8-)
>
> > Most OSS in .NET have signed binary releases, and the snk is usually
> > in the source code.
>
> Do you educate your users that there is no security promise attached to
> the strong name in this case?  I've always shied away from using strong
> names in OSS because of the illusion of verified-publisher they provide
> in such a setup.
>
> Thanks
>
>        Stefan
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message