我应该将 Metro 应用程序的 TemporaryKey.pfx 文件添加到版本控制吗? [英] Should I add my Metro app's TemporaryKey.pfx file to version control?
问题描述
我已经创建了一个 Metro 风格的 C#/XAML 应用程序,现在我正在尝试将它添加到版本控制(Git 和后来的 GitHub).这意味着要弄清楚哪些文件属于版本控制,哪些不属于.
I've created a Metro-style C#/XAML application, and now I'm trying to add it to version control (Git and, later, GitHub). That means figuring out which files belong in version control and which don't.
当我创建 Metro 项目时,Visual Studio 向其中添加了一个名为 ProjectName_TemporaryKey.pfx 的文件.从我读过的内容来看,.pfx 文件显然与代码签名或证书或类似的东西有关.我还没有找到任何可以准确解释它们在 Metro 风格应用上下文中的含义,或者您应该如何管理它们的内容.
When I created my Metro project, Visual Studio added a file to it called ProjectName_TemporaryKey.pfx. From what I've read, .pfx files apparently have something to do with code signing or certificates or something like that. I haven't found anything yet that explains exactly what they mean in the context of Metro-style apps, or how you're supposed to manage them.
我打算将我的代码推送到 GitHub(在公共存储库中).从长远来看,我计划将我的应用程序放在 Windows 商店中.如果需要 .pfx 文件来构建项目,那么我最好将其签入.如果它包含将我标识为应用程序作者的数字身份,并且发布它会让互联网上的任何人推送我的应用程序的新版本在我不知情的情况下访问 Windows 商店,那么我最好不要检查它.
I'm planning to push my code to GitHub (in a public repository). Longer-term, I plan to put my app in the Windows store. If the .pfx file is required to build the project, then I'd better check it in. If it contains a digital identity that identifies me as the app's author, and publishing it would let anyone on the Internet push new versions of my app to the Windows store without my knowledge, then I'd better not check it in.
所以我的问题是,TemporaryKey.pfx 文件中有什么秘密吗?我应该将它签入我的公共存储库,还是应该将其置于源代码控制之外?(如果我不将其置于源代码管理中,但随后又想在另一台计算机上查看我的代码,会发生什么问题?)
So my question is, is there anything secret in the TemporaryKey.pfx file? Should I check it into my public repository, or should I leave it out of source control? (And what would break if I didn't put it into source control, but then wanted to check out my code on another computer?)
推荐答案
.pfx 用于临时代码证书以签署您的应用程序以部署到您的计算机,以便您可以进行调试.您可以删除它,但需要生成一个新的临时密钥(通过 package.appxmanifest 对话框中的 Packaging 选项卡).我总是把它留在我发布的代码中,因为使用代码的人更容易(即,没有错误消息).如果您查看其他一些 WinRT 源项目(例如 MVVMLight),为了方便起见,它们还包含 .pfx.
The .pfx is used at the temporary code certificate to sign your app for deployment to your machine so you can debug. You can remove it, but a new temporary key will need to be generated (via the Packaging tab in the package.appxmanifest dialog). I always leave it in the code I post since it is easier on the person using the code (i.e., no error messages). If you look at some other WinRT source projects (MVVMLight, for example) they also include the .pfx for convenience.
如果我理解正确,临时 .pfx 在商店提交过程中被替换,因此您无需担心其他人使用临时 .pfx.
If I understand things correctly, the temp .pfx is replaced during the Store submission process so you do not need to worry about the temp .pfx being used by someone else.
这篇关于我应该将 Metro 应用程序的 TemporaryKey.pfx 文件添加到版本控制吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
