Assemblies are not Signed #81
Comments
|
Dang, I wanted to give a comment before having the issue closed 😅 Better documentation would certainly help as this is quite obscure knowledge right now, but: You should be able to declare a |
|
Ah ok I think I see. Thank you for your hint.. I was just interested in the "MonoMod.RuntimeDetour" package to setup a lightweight Hook. Is this not possible with a signed project? Is there a reason why the packages are not signed? There is a snk file in the Common project.. |
|
Ooooh, that's what you meant. The main reason why MonoMod isn't signed is because it makes drop-in updates by users harder. The runtime seems to have much stricter versioning rules for signed .DLLs, I have yet to understand all the details though. I also remember there being more to it, but sadly not what exactly. I'll try digging up what I can remember 😅 |
|
Microsoft itself recommends to not sign open source projects. Big corporations or users with signing needs will have to sign the packages themselves. The main problem here is that signed artifacts are creating lots of problems for ordinary users that have no idea what it means or have no intend to sign their artifacts. |
|
@pardeike Do you have a source for this statement? Perhaps we are confusing things here. I am talking about strong naming the assemblies. As example JSON: But of course you can also sign the assemblies yourself. But that is a bit tedious. |
Description
The assemblies are not signed and can not be referenced from a signed project.
That's criminal negligence by anybody that creates assemblies used by others, given how trivial it is to give an assembly a strong name while building it. Doing it afterwards is quite painful, you have to decompile the assembly with ildasm.exe and put it back together with ilasm.exe, now using the /key option.
The text was updated successfully, but these errors were encountered: