开源项目的签约二进制 [英] Signing binaries of open-source projects

问题描述

我试图用 ServiceStack 在我目前的项目，但发现公布的二进制文件都不强命名的，所以我不能用它的框。当问在GitHub上为什么我得到了以下的回答：

I tried to use ServiceStack in my current project but found the binaries released were not strong named so i couldn't use it out of the box. When asking on GitHub "why" I got the following answer:

这是病毒的毒性，阻碍结合，提升，发展，   部署等

it's virally toxic and hinders binding, upgrading, development, deployment, etc.

mythz是非常简洁的，所以我不想打扰他更多，问在这里。我用了很多像AutoMapper，NUnit的，起订量，log4net的，Ninject等及其发布的开源.NET项目全部强名称。找到<一href="http://stackoverflow.com/questions/396143/net-opensource-projects-and-strong-named-assemblies">similar 的问题在这里，就这样，不过这并不能帮助我。它是在开源软件通常的做法？为什么不松开两个符号和无符号二进制文件？

mythz was very laconic so I didn't want to bother him more and asking here. I use a lot of open-source .NET projects like AutoMapper, NUnit, Moq, log4net, Ninject, etc. and their releases are all strong named. Found similar question here, on SO, but it doesn't help me. Is it normal practice in OSS? Why not release both signed and unsigned binaries?

推荐答案

这里有原因强命名为开源项目是一个坏主意现有的讨论：

Here's an existing discussion on reasons why Strong Naming is a bad idea for Open Source projects:

<一个href="https://groups.google.com/forum/?fromgroups#!topic/getglimpse-dev/pXXazMOOdjE">https://groups.google.com/forum/?fromgroups#!topic/getglimpse-dev/pXXazMOOdjE

下面是使用它的噩梦故事：

Here is a nightmare story from using it:

<一个href="http://haacked.com/archive/2012/02/16/changing-a-strong-name-is-a-major-breaking-change.aspx">http://haacked.com/archive/2012/02/16/changing-a-strong-name-is-a-major-breaking-change.aspx

我个人一直在通过2代log4net的那曾尝试使用组件引用log4net的2种不同的强命名的版本在同一个项目中都出现了2支球队 - 浪费了大量的时间和精力，努力使这项工作不好玩，也不是我们计划受到自己或授权所有的用户太多东西。

I've personally been in 2 teams that have suffered through 2 generations of Log4Net that have tried to use assemblies referencing 2 different strong-named versions of Log4Net in the same project - Wasting lots of time and effort trying to make this work is not fun, nor is it something we plan to subject ourselves or mandate all our users too.

用户希望强命名的版本是免费的签署公共ServiceStack回购自己的克隆/叉。

Users that want a strong-named version are free to sign their own clone/fork of the public ServiceStack repos.

如果有它的需求，我们会考虑维护我们自己的正式烧焦的商业我们的库的版本。

If there is demand for it, we will consider maintaining our own "Officially Singed" commercial versions of our libraries.

这篇关于开源项目的签约二进制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！