This is a contentious point. Signing serves several purposes: 1) It implies a degree of security in that in a closed-source model theoretically only the original vendor is able to sign their assemblies; 2) It is part of a type's identifier and so suggests an adherence to a particular interface contract.
In an open-source model we can't guarantee either of these points which means that by signing the NAnt assemblies we would be implying a degree of security and compatibility that we can't actually provide. The only reason to do it is to make the assemblies compatible with the GAC or the various security models that require it - but it would be a box-ticking exercise. Given that NAnt is a tool rather than a library I can't see any real reason to want to do this. ________________________________ Jonathan Evans -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Walker Sent: Tuesday, April 10, 2007 4:27 PM To: nant-users@lists.sourceforge.net Subject: Re: [NAnt-users] Why aren't Nant / NantContrib Assemblies signed Nunit is open source and the source is hosted on sourceforge. The NUnit project provides a signing key (nunit.snk) as part of the source release. The hosted build that publishes the binary release uses this key to sign the assemblies. You can use the provided key for your own 'bug fix' builds from the source, or you can use a different key, or you can remove the key altogether. Publishing signed assemblies does not prevent you from modifying the source. Signing assemblies increase the value of binary releases by creating a broader usage context. Melissa Kacher-2 wrote: > > Who would sign it? It's open source. And what if you want to make > changes or fix bugs in your copy? You can't go back and have that same > person sign your changes. Just food for thought. > -- View this message in context: http://www.nabble.com/Why-aren%27t-Nant---NantContrib-Assemblies-signed-tf3548011.html#a9922036 Sent from the NAnt - Users mailing list archive at Nabble.com. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ NAnt-users mailing list NAnt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nant-users ============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ============================================================================== ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ NAnt-users mailing list NAnt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nant-users
