added public StrongName signing for Release build configuration #18

Open
wants to merge 3 commits into
base: master

0x6d61726b
Contributor

Added public StrongName signing for Release build configuration, so the NetRevisionTask.dll can be called by strong named assemblies.

If you think signing of Debug builds is also a good idea, the following line can simply be removed:
<SignAssembly>false</SignAssembly>

@ygoe
Owner

ygoe commented Jan 2, 2021

To be honest, I don't know what strong name signing is. Never used it, never needed it. Does it even still exist in the newer .NET Core/5 series? Your change seems to introduce private key material. Is that a good idea in a (public) code repository?

@0x6d61726b
Contributor Author

Hello Yves,

Please have a look at the following links (which I hope explain the topic):
https://docs.microsoft.com/en-us/dotnet/standard/assembly/strong-named

Strong naming refers to signing an assembly with a key, producing a strong-named assembly. When an assembly is strong-named, it creates a unique identity based on the name and assembly version number, and it can help prevent assembly conflicts.

One important aspect of strong naming is that it's viral: a strong named assembly can only reference other strong named assemblies. If your library isn't strong named, then you have excluded developers who are building an application or library that needs strong naming from using it.

If you are an open-source developer and you want the identity benefits of a strong-named assembly for better compatibility with .NET Framework, consider checking in the private key associated with an assembly to your source control system.

Two examples of other open source projects using strong name signing:
https://github.com/NLog/NLog/tree/master/src
https://github.com/commandlineparser/commandline

@ygoe
Owner

ygoe commented Feb 27, 2021

If you think signing of Debug builds is also a good idea, (…)

Actually I don't think anything here. I'd just follow your suggestion. It looks plausible in its current form. If you'd prefer to also sign debug builds, please change the PR to not include that line. Otherwise, I'd merge it as-is.

@0x6d61726b
Contributor Author

I have enabled Strong Name signing globally and merged latest changes from master.
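
The project-file shape discussed in this thread, as an added example that is not the PR's actual diff: signing is on by default and switched off for Debug, and deleting the Debug override gives the global signing mentioned in the last comment. The key file name `NetRevisionTask.snk` is an assumption; `SignAssembly` and `AssemblyOriginatorKeyFile` are the standard MSBuild properties.

```xml
<!-- Fragment of a .csproj file; the rest of the project is unchanged. -->
<Project>

  <PropertyGroup>
    <!-- Sign the output assembly with a strong name. -->
    <SignAssembly>true</SignAssembly>
    <!-- Hypothetical key file name; the PR's real file name is not shown in this thread. -->
    <AssemblyOriginatorKeyFile>NetRevisionTask.snk</AssemblyOriginatorKeyFile>
  </PropertyGroup>

  <!-- Release-only variant: Debug builds stay unsigned.
       Remove this group to sign every build configuration. -->
  <PropertyGroup Condition="'$(Configuration)' == 'Debug'">
    <SignAssembly>false</SignAssembly>
  </PropertyGroup>

  <!-- A key pair committed to a public repository lets anyone build an
       assembly with the same strong name. The strong name therefore gives
       a stable identity only and must not be treated as proof of origin. -->

</Project>
```

After a Release build, `sn -T NetRevisionTask.dll` displays the public key token of the signed assembly.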
