lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Jordan <robe...@gmx.net>
Subject Re: Signing Binary Releases
Date Sun, 20 Feb 2011 14:28:32 GMT
On 20.02.2011 07:49, Stefan Bodewig wrote:
> If you talk about strong naming assemblies then I don't have any
> experience how a well designed scheme of sharing the key between several
> developers might work.  As the maintainer of XMLUnit I'd be interested
> in a good solution myself.

Many open source projects are keeping the key pair (*.snk)
together with the source code in their repository because
the security significance of the key is zero.

Given how .NET assembly signing was designed, no one
would be able to generate a compatible Lucene.Net assembly
from source code w/out having to update assembly
references in all projects using Lucene.Net.

This is hardly compatible with open source principles
and should be avoided.

Robert


Mime
View raw message