lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <>
Subject Re: [Lucene.Net] Re: Signing Binary Releases
Date Mon, 21 Feb 2011 12:16:58 GMT
On 2011-02-21, Ayende Rahien wrote:

> There are many situations where you _have_ to have a strong key, or
> example, gac deployments.  In those cases, anything in the chain also
> have to have strong key.

Yes, I knew that.  Sorry if I sounded stupid.  In most cases I try to
avoid the GAC and my personal use-case (XMLUnit) is quite different from
Lucene (i.e. it is less likely to end up as a dependency of something
that gets deployed to the GAC).

Fortunately my opinion is pretty unimportant here anyway 8-)

> Most OSS in .NET have signed binary releases, and the snk is usually
> in the source code.

Do you educate your users that there is no security promise attached to
the strong name in this case?  I've always shied away from using strong
names in OSS because of the illusion of verified-publisher they provide
in such a setup.



View raw message