.NET开源项目和强命名程序集？ [英] .NET OpenSource projects and strong named assemblies?

问题描述

我目前思考的开放式采购我的一个项目，我在preparing源$ C ​​$ c和项目结构的过程中要公布于众。现在我有一个问题：我应该如何处理的签名密钥对我的组件？我应该创建开源版本的新重点，并连同其他文件到SVN仓库发布呢？我要离开的关键了，大家谁愿意来编译code应该产生自己的密钥？

I am currently thinking about open-sourcing a project of mine and am in the process of preparing the source code and project structure to be released to the public. Now I got one question: how should I handle the signature key for my assemblies? Should I create a new key for the open-source version and publish it along with the other files to the SVN repository? Should I leave the key out and everyone who wants to compile the code should generate his own key?

你是如何处理的？我觉得有点不舒服释放的签名密钥给公众。

How do you handle this? I feel a little bit uncomfortable with releasing a signature key to the public.

推荐答案

有关 Protocol Buffers的，我释放键。是的，这意味着人们无法真正相信它的原始二进制 - 但它使生活显著更轻松的人谁想要修改codeA位，重建它，而且仍然能够从另一个签名的程序集使用它。

For Protocol Buffers, I release the key. Yes, that means people can't actually trust that it's the original binary - but it makes life significantly easier for anyone who wants to modify the code a bit, rebuild it, and still be able to use it from another signed assembly.

如果有人真的想要一个版本的协议缓冲区的，他们可以信任是绝对是合法的建设得到了GitHub上code，它们可以很容易地从他们信任的来源建立它自己。

If anyone really wants a version of Protocol Buffers which they can trust to be definitely the legitimate one built with the code from github, they can easily build it themselves from the source that they trust.

我肯定能看到它从双方虽然。我想，如果我在写这都是围绕着一个开源项目的安全的可能是另一回事。

I can certainly see it from both sides though. I think if I were writing an Open Source project which revolved around security that might be a different matter.

这篇关于.NET开源项目和强命名程序集？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！