[
https://issues.apache.org/jira/browse/LOG4NET-397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790265#comment-13790265
]
Joe commented on LOG4NET-397:
-----------------------------
@dominik - I get the impression from your comments that you don't see this as a
real issue ("it may be time to learn about the GAC", "You run into this problem
with every DLL on the world and it's something people should know when they
develop applications. IMHO people should read more books"). But I'll try again
to clarify what I'm saying.
The problem doesn't occur with every DLL in the world; only when an external
component (here log4net) is available with the same assembly filename and
multiple strong name keys, and when different strong name versions are used by
multiple component suppliers. And logging is used so widely that a logging
component has a high probability of being used by multiple components.
Hence I feel that there should be guidelines in the FAQ that alert users to the
risks of conflict outlined in this post, and give recommendations to avoid
them. While the FAQ does recommend using the "new key" version, it doesn't say
why or explain the risk of conflicts with other components.
> Conflicts due to new strong name key
> ------------------------------------
>
> Key: LOG4NET-397
> URL: https://issues.apache.org/jira/browse/LOG4NET-397
> Project: Log4net
> Issue Type: Bug
> Reporter: Joe
>
> Consider an application that uses two third-party assemblies:
> - AssemblyA from Supplier A, compiled with log4net 1.2.10 (old strong-name
> key)
> - AssemblyB from Supplier B, compiled with log4net 1.2.11 (new strong-name
> key)
> How can I make these two assemblies co-exist and use the same version of
> log4net?
> Maybe I'm missing something obvious, but I can't see any way to do this: for
> example I obviously can't have both log4net assemblies in the same bin
> folder, as they have the same name.
> I'm obviously not the only one who thinks there's a problem, e.g. issue
> LOG4NET-324 refers to "... the strong name horror too". The comment on this
> issue:
> "... But if you need the old "strong name", you can simply use the "oldkey"
> binaries. I can't see how this is a horror, but of course I'm biased."
> doesn't seem to address the problem of conflicts.
> Also there are no guidelines for component suppliers as to which version to
> use, which increases the risk of conflicts. In the absence of explicit
> guidelines, I guess legacy components will have the old key, whereas new ones
> will tend to use the new key, since that is the only version available via
> NuGet.
> The only solution I can see is the following:
> - The "new key" assembly needs to have a different name from the "old key"
> assembly (e.g. log4net-2.dll).
> - Use Type forwarding to enable both versions to co-exist. E.g. you could
> supply a special log4net.dll signed with the old key that uses type
> forwarding to forward to log4net-2.dll signed with the new key. Or
> vice-versa.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
