You're probably mixing signing the dll for GAC (strong name), and Authenticode as offered by Verisign and others which Michael asks for.
Log4net is distributed as a strong name assembly signed by a key held by Apache. If you recompile log4net from source and want it strong named, you'll have to sign it with your own key. Keeping the original Apache key private allows an end-user to verify the binary has been built from original apache source (pgp is just an extra insurance). Authenticode works on existing binaries (signtool.exe), and the process is described here: https://knowledge.verisign.com/support/code-signing-support/index?page=c ontent&id=AR190 Since the Apache license allows you to change and distribute your own versions of log4net (with some conditions, see 4. Redistribution at http://logging.apache.org/log4net/license.html), you should be free to digitally sign the binaries too. Regards, Dag Fra: Michael Hablich [mailto:[email protected]] Sendt: 14. oktober 2009 08:54 Til: Log4NET User Emne: AW: Signing the log4net.dll with a digital signature Unfortunatly not. Maybe you mean the PGP signature but I need a digital signature for Windows DLLs. For instance Verisign issues such signatures. I doubt the Apache foundation has such signatures because they cost money. If I interpret the Apache license correctly it is okay to sign the DLL with my own signature but I am not sure. Von: Walden H. Leverich [mailto:[email protected]] Gesendet: Dienstag, 13. Oktober 2009 18:22 An: Log4NET User Betreff: RE: Signing the log4net.dll with a digital signature But isn't there a signed version of l4n that you can download and use? Why sign your own? -- Walden H Leverich III Tech Software & BEC - IRBManager (516) 627-3800 x3051 [email protected] http://www.TechSoftInc.com <http://www.techsoftinc.com/> http://www.IRBManager.com <http://www.irbmanager.com/> Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.) From: Michael Hablich [mailto:[email protected]] Sent: Monday, October 12, 2009 7:58 AM To: Log4NET User Subject: AW: Signing the log4net.dll with a digital signature One prerequisite for Windows certification (for the software) is having all deployed DLLs digitally signed wheter from the original developer or the deployer. Von: Karim Bourouba [mailto:[email protected]] Gesendet: Montag, 12. Oktober 2009 13:51 An: [email protected] Betreff: RE: Signing the log4net.dll with a digital signature I would say yes, it is. But I am not sure as to why you would want to do this? ________________________________ From: [email protected] To: [email protected] Date: Mon, 12 Oct 2009 13:06:34 +0200 Subject: Signing the log4net.dll with a digital signature Hello, is it allowed to sign the log4net.dll with my own digital signature? Thanks in advance, Michael ________________________________ View your other email accounts from your Hotmail inbox. Add them now. <http://clk.atdmt.com/UKM/go/167688463/direct/01/> ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.f-secure.com/
