What signing method to use for public open-source projects?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Irchi on Stack Overflow See other posts from Stack Overflow or by Irchi
Published on 2010-03-26T07:43:52Z Indexed on 2010/03/26 7:53 UTC
Read the original article Hit count: 283

Filed under:
|
|
|

I'm publishing an open-source library on CodePlex, and want the dll files to have strong names so that they can be added to GAC.

What's the best option for signing?

Should I use SNK? If so, everyone have access to the key. I don't have a problem with everyone having access, but is it a good approach?

Should I use PFX? If so, does it mean that other people downloading the source code are not able to build the solution?

What I like to do is that I am the only one person to have access to the key, so that the signed assemblies also have a level of authenticity, but meanwhile don't prevent other developers to download, build, or change the source code for themselves, and be able to post changes for the main project.

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about .NET

Related posts about signing

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle