lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ayende Rahien <aye...@ayende.com>
Subject Re: [Lucene.Net] Re: Signing Binary Releases
Date Mon, 21 Feb 2011 09:31:35 GMT
Okay, cool

On Mon, Feb 21, 2011 at 11:27 AM, Robert Jordan <robertj@gmx.net> wrote:

> On 21.02.2011 05:55, Stefan Bodewig wrote:
>
>> On 2011-02-20, Robert Jordan wrote:
>>
>>  On 20.02.2011 07:49, Stefan Bodewig wrote:
>>>
>>>> If you talk about strong naming assemblies then I don't have any
>>>> experience how a well designed scheme of sharing the key between several
>>>> developers might work.  As the maintainer of XMLUnit I'd be interested
>>>> in a good solution myself.
>>>>
>>>
>>  Many open source projects are keeping the key pair (*.snk)
>>> together with the source code in their repository because
>>> the security significance of the key is zero.
>>>
>>
>>  Given how .NET assembly signing was designed, no one
>>> would be able to generate a compatible Lucene.Net assembly
>>> from source code w/out having to update assembly
>>> references in all projects using Lucene.Net.
>>>
>>
>>  This is hardly compatible with open source principles
>>> and should be avoided.
>>>
>>
>> I agree but users have asked for a strong named version of XMLUnit in
>> the past so I was thinking about providing one as alternative.  I've
>> seen similar user requests for log4net or NUnit as well.
>>
>
> Yes, the last part of my mail was misleading. I was actually
> proposing to keep Lucene.Net's SNK key together with the
> source code and to sign the assembly during the build process.
>
> Robert
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message