lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Jordan <robe...@gmx.net>
Subject Re: [Lucene.Net] Re: Signing Binary Releases
Date Mon, 21 Feb 2011 09:27:51 GMT
On 21.02.2011 05:55, Stefan Bodewig wrote:
> On 2011-02-20, Robert Jordan wrote:
>
>> On 20.02.2011 07:49, Stefan Bodewig wrote:
>>> If you talk about strong naming assemblies then I don't have any
>>> experience how a well designed scheme of sharing the key between several
>>> developers might work.  As the maintainer of XMLUnit I'd be interested
>>> in a good solution myself.
>
>> Many open source projects are keeping the key pair (*.snk)
>> together with the source code in their repository because
>> the security significance of the key is zero.
>
>> Given how .NET assembly signing was designed, no one
>> would be able to generate a compatible Lucene.Net assembly
>> from source code w/out having to update assembly
>> references in all projects using Lucene.Net.
>
>> This is hardly compatible with open source principles
>> and should be avoided.
>
> I agree but users have asked for a strong named version of XMLUnit in
> the past so I was thinking about providing one as alternative.  I've
> seen similar user requests for log4net or NUnit as well.

Yes, the last part of my mail was misleading. I was actually
proposing to keep Lucene.Net's SNK key together with the
source code and to sign the assembly during the build process.

Robert



Mime
View raw message