[
https://issues.apache.org/jira/browse/LOG4NET-397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790138#comment-13790138
]
Dominik Psenner edited comment on LOG4NET-397 at 10/9/13 7:49 AM:
------------------------------------------------------------------
{quote}IMHO your FAQ should provide more detailed information on the risk of
conflicts with 3rd party components{quote}
You run into this problem with every DLL on the world and it's something people
should know when they develop applications. IMHO people should read more books,
but it is also written down in the
[FAQ|http://logging.apache.org/log4net/release/faq.html#two-snks].
{quote}My view is that most people just want the latest stable log4net package
and are not interested in the ability to customize log4net{quote}
FWIW, the NuGet package maintainer decided that he distributes the new key
assembly.
{quote}whatever the recommendation, it should be clearly stated in a FAQ{quote}
Now I'm quoting [http://logging.apache.org/log4net/download_log4net.cgi]
{quote}See the
[FAQ|http://logging.apache.org/log4net/release/faq.html#two-snks] for
background. We recommend you use the assemblies signed with the "new" key
whenever possible.{quote}
If you feel that the information there is not enough, feel free to file an
issue in JIRA.
{quote}Also I believe you should liaise with the owners of the NuGet
package{quote}
We have contacted him/her and he pushed the NuGet packaging source into GitHub.
My impression is that he/she is not interested in extending his duties and I
can understand that since I am doing this in my spare time too.
was (Author: nachbarslumpi):
{quote}IMHO your FAQ should provide more detailed information on the risk of
conflicts with 3rd party components{quote}
You run into this problem with every DLL on the world and it's something people
should know when they develop applications. IMHO people should read more books.
{quote}My view is that most people just want the latest stable log4net package
and are not interested in the ability to customize log4net{quote}
FWIW, the NuGet package maintainer decided that he distributes the new key
assembly.
{quote}whatever the recommendation, it should be clearly stated in a FAQ{quote}
Now I'm quoting [http://logging.apache.org/log4net/download_log4net.cgi]
{quote}See the
[FAQ|http://logging.apache.org/log4net/release/faq.html#two-snks] for
background. We recommend you use the assemblies signed with the "new" key
whenever possible.{quote}
If you feel that the information there is not enough, feel free to file an
issue in JIRA.
{quote}Also I believe you should liaise with the owners of the NuGet
package{quote}
We have contacted him/her and he pushed the NuGet packaging source into GitHub.
My impression is that he/she is not interested in extending his duties and I
can understand that since I am doing this in my spare time too.
> Conflicts due to new strong name key
> ------------------------------------
>
> Key: LOG4NET-397
> URL: https://issues.apache.org/jira/browse/LOG4NET-397
> Project: Log4net
> Issue Type: Bug
> Reporter: Joe
>
> Consider an application that uses two third-party assemblies:
> - AssemblyA from Supplier A, compiled with log4net 1.2.10 (old strong-name
> key)
> - AssemblyB from Supplier B, compiled with log4net 1.2.11 (new strong-name
> key)
> How can I make these two assemblies co-exist and use the same version of
> log4net?
> Maybe I'm missing something obvious, but I can't see any way to do this: for
> example I obviously can't have both log4net assemblies in the same bin
> folder, as they have the same name.
> I'm obviously not the only one who thinks there's a problem, e.g. issue
> LOG4NET-324 refers to "... the strong name horror too". The comment on this
> issue:
> "... But if you need the old "strong name", you can simply use the "oldkey"
> binaries. I can't see how this is a horror, but of course I'm biased."
> doesn't seem to address the problem of conflicts.
> Also there are no guidelines for component suppliers as to which version to
> use, which increases the risk of conflicts. In the absence of explicit
> guidelines, I guess legacy components will have the old key, whereas new ones
> will tend to use the new key, since that is the only version available via
> NuGet.
> The only solution I can see is the following:
> - The "new key" assembly needs to have a different name from the "old key"
> assembly (e.g. log4net-2.dll).
> - Use Type forwarding to enable both versions to co-exist. E.g. you could
> supply a special log4net.dll signed with the old key that uses type
> forwarding to forward to log4net-2.dll signed with the new key. Or
> vice-versa.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
