Its my understanding that the .snk file for log4net 1.2.9 has been
misplaced and that's its not possible to get a build of 1.2.10 with the
1.2.9 key.
--- Cliff Burger <[EMAIL PROTECTED]> wrote:
> To solve my practical problem -- which I'm sure many other people
> have:
>
> Can someone make avail
To solve my practical problem -- which I'm sure many other people have:Can someone make available a version of 1.2.10 built with 1.2.9 private key? This would avoid the necessity of rebuilding a reasonably large number of libraries. Alternately: create a FAQ to explain another way around the proble
The .snk file has been part the iBATIS for .NET distribution for a long
time. I don't think anyone commented when it was checked in. iBATIS
usually defers all of its Apache matters to Ted Husted :) I've included
him on this reply. Ted, this is the start of the thread:
http://tinyurl.com/kj2rd
http
>
> Any feedback from the Apache overseers (or whatever they are called)?
>
Ron,
Do you know what the position of iBATIS for .NET is regarding its strong
name key? As far as I can see it is included in the source download. Was
there any discussion regarding this issue?
Cheers,
Nicko
> Assumption: only the "official owner" of log4net should be
> able to sign the log4net.dll assembly with the "official"
> public/private key pair.
That is the key point we need to decide. Does this assumption hold for
open source projects? Or should _everything_ required to build an
identica
I have been tempted to jump into this thread - ever since I saw signs
of "open-sourcing" log4net's private key. In all honesty I wanted to
see what the community would get to.
The recent dialog about code-signing - while useful - were really a
separate thread about .NET specifics e.g. assembly-lo
Nick, back to a solution to this quandary. I may have proposed this
already but I'm not sure.
Assumption: only the "official owner" of log4net should be able to
sign the log4net.dll assembly with the "official" public/private key
pair.
Why this assumption? Otherwise, anyone could sign the assemb
Message-
From: GlennDoten [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 8:38 AM
To: Log4NET Dev
Subject: Re: Strong name private key policy
Couldn't have said it better, Jonathan. Except that to my mind the
defence against the types of attacks you mention is more important
than wh
From: GlennDoten [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 7:20 AM
To: Log4NET Dev
Subject: Re: Strong name private key policy
Hi Tom. I work at PC Connection and we've been using signed assemblies
with .NET 1.1 for two years now, and they are in the bin directory and
not GA
TED]
Sent: Thursday, June 22, 2006 7:20 AM
To: Log4NET Dev
Subject: Re: Strong name private key policy
Hi Tom. I work at PC Connection and we've been using signed assemblies
with .NET 1.1 for two years now, and they are in the bin directory and
not GACed. They don't need to be GACed.
all indicate that running ASP.NET applications with strong
named assemblies deployed to the bin folder is not supported in .NET 1.1
or 2.0 as well as some of the symptoms might be experienced.
Thanks,
Tom
-Original Message-
From: GlennDoten [mailto:[EMAIL PROTECTED]
Sent: Wednesday, Ju
Message-
From: Jaroslaw Kowalski [mailto:[EMAIL PROTECTED]
Sent: 22 June 2006 13:58
To: Log4NET Dev
Subject: Re: Strong name private key policy
Hi!
You can always use this tool to remove the strong name:
http://www.nirsoft.net/dot_net_tools/strong_name_remove.html
Since it's a command-line
roject.org/ - A .NET Logging Library
- Original Message -
From: "Dag Christensen" <[EMAIL PROTECTED]>
To: "Log4NET Dev"
Sent: Thursday, June 22, 2006 2:56 PM
Subject: SV: Strong name private key policy
KB 324519 doesn't apply to .NET Framework 2.0 and K
EMAIL PROTECTED]
Sendt: 22. juni 2006 14:00
Til: Log4NET Dev
Emne: RE: Strong name private key policy
Glenn,
Please refer to the following articles -
http://support.microsoft.com/?kbid=324519
http://support.microsoft.com/default.aspx?scid=kb;en-us;813833
http://blogs.msdn.com/tess/archive/20
ginal Message-
From: Whitner, Tom [mailto:[EMAIL PROTECTED]
Sent: 21 June 2006 19:32
To: Log4NET Dev
Subject: RE: Strong name private key policy
We are facing a similar question with some internal code. We have
decided, at least for now, to produce both strong named and non-strong
named binaries.
private key policy
Not true, Tom. Just because an assembly is signed does not mean it
must be in the GAC to be used by ASPX. We run non-GACed, signed
assemblies with ASPX in production all the time.
FYI
On 6/21/06, Whitner, Tom <[EMAIL PROTECTED]> wrote:
> We are facing a similar ques
Just to clarify: there seems to be a misconception about signed
assemblies. A signed assembly runs just fine outside of the GAC, just
as if it were a non-signed assembly.
On 6/21/06, Niall Daley <[EMAIL PROTECTED]> wrote:
It seems we have several divergent requirements for signing; we need a
non
Not true, Tom. Just because an assembly is signed does not mean it
must be in the GAC to be used by ASPX. We run non-GACed, signed
assemblies with ASPX in production all the time.
FYI
On 6/21/06, Whitner, Tom <[EMAIL PROTECTED]> wrote:
We are facing a similar question with some internal code.
als can/will tolerate GAC
> installation on highly locked down server. Hence, having the non-strong
> versions has become a necessity.
>
> - Tom
>
> -Original Message-
> From: Nicko Cadell [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 21, 2006 1:59 PM
T Dev
Subject: RE: Strong name private key policy
> Please don't revert to the old days where log4net was not
> strong named.
> This would require all developers (including myself) to build
> log4net from source if they wanted to use it from an already
> strong named asse
> Please don't revert to the old days where log4net was not
> strong named.
> This would require all developers (including myself) to build
> log4net from source if they wanted to use it from an already
> strong named assembly.
I don't think that releasing versions of log4net that are not st
If this happens, they can wait for the next release
and have a log4net signed with your key pair if this is required.
Regards
Mark
-Original Message-
From: GlennDoten [mailto:[EMAIL PROTECTED]
Sent: 21 June 2006 16:40
To: Log4NET Dev
Subject: Re: Strong name private key policy
Nick, I th
Nick, I think maybe your own choice is to "license" the private key.
Write something up that says "if you sign any log4net-owned assembly
using the official log4net private key and your code is malicious then
you are in trouble." Or something like that.
Here's the problem with an unsigned assembl
All devs,
It was not my intention to change the strong name key for the 1.2.10
release. Due to some misadventure the key has changed between version
1.2.9 and 1.2.10. This has the undesirable effect of preventing binding
redirects between these version working.
I am still investigating where my k
24 matches
Mail list logo
