Strong name your assemblies #750

Closed
AArnott opened this issue Feb 13, 2025 · 2 comments
Labels
enhancement New feature or request

Comments

AArnott commented Feb 13, 2025

Please strong name your assemblies. It's easy, and opens your code up for use by other libraries and apps that already strong name their assemblies on .NET Framework.

Following are some points that refute some misinformation out there that often discourages developers from strong naming their libraries:

Strong naming isn't about security. The .NET team has said as much officially. In their official guidance, they tout the merit of strong naming as avoiding assembly naming conflicts:

> Strong naming refers to signing an assembly with a key, producing a strong-named assembly. When an assembly is strong-named, it creates a unique identity based on the name and assembly version number, and it can help prevent assembly conflicts.

They further state:

> ✔️ CONSIDER adding the strong naming key to your source control system.
> A publicly available key lets developers modify and recompile your library source code with the same key.

And...

> When the identity of the publisher of the code is desired, Authenticode and NuGet Package Signing are recommended.

So you see, strong naming is not for verifying the authenticity of the publisher. Therefore, disclosing the .snk publicly in an OSS repo is perfectly fine. You lose nothing as an OSS non-strong-named library by adding a strong name (except binary compatibility with previous versions of your library when a user is running on .NET Framework). You didn't have publisher security before, and you don't after. But you gain a whole set of .NET Framework customers who already strong name their assemblies and are technically prevented from referencing assemblies that are not strong named.

Many OSS repos (including all of my own) check in the .snk for their own use and to maintain the spirit of OSS, which is that anyone can modify and rebuild an assembly and use it in place of the original. Strong naming and hiding the private key would violate that, but strong naming and disclosing the private key maintains that.

Please strong name the assembly. :)
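
An added illustration of the point made in the issue above (not code from the issue, its author, or the project): the identity a strong name contributes is a public key token, the last 8 bytes of the SHA-1 hash of the public key blob in reverse order, so any build signed with the same checked-in key carries the same token. The class and method names are hypothetical, and the sample blobs are constructed filler with a well-formed header, not real keys.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class StrongNameIdentity   // hypothetical name, added example
{
    // Token = last 8 bytes of the 20-byte SHA-1 of the public key blob, byte-reversed.
    public static string PublicKeyToken(byte[] publicKeyBlob)
    {
        using (var sha1 = SHA1.Create())
            return BitConverter.ToString(
                sha1.ComputeHash(publicKeyBlob).Skip(12).Reverse().ToArray())
                .Replace("-", "").ToLowerInvariant();
    }

    // Validates the fixed header of an RSA strong-name public key blob and
    // returns the modulus size. Assumes a little-endian host for BitConverter.
    public static int ModulusBits(byte[] blob)
    {
        if (blob.Length < 32) throw new FormatException("blob too short");
        uint sigAlg = BitConverter.ToUInt32(blob, 0);   // 0x2400 = CALG_RSA_SIGN
        uint keyLen = BitConverter.ToUInt32(blob, 8);   // bytes after the 12-byte header
        uint magic  = BitConverter.ToUInt32(blob, 20);  // "RSA1"
        uint bits   = BitConverter.ToUInt32(blob, 24);
        if (sigAlg != 0x2400 || blob[12] != 0x06 || magic != 0x31415352)
            throw new FormatException("not an RSA public key blob");
        if (keyLen != blob.Length - 12 || keyLen != 20 + bits / 8)
            throw new FormatException("length fields disagree");
        return (int)bits;
    }

    // Constructed sample: valid 1024-bit header plus a filler modulus (not a real key).
    static byte[] SampleBlob(byte filler)
    {
        byte[] header = {
            0x00,0x24,0x00,0x00, 0x04,0x80,0x00,0x00, 0x94,0x00,0x00,0x00, 0x06,0x02,0x00,0x00,
            0x00,0x24,0x00,0x00, 0x52,0x53,0x41,0x31, 0x00,0x04,0x00,0x00, 0x01,0x00,0x01,0x00 };
        return header.Concat(Enumerable.Repeat(filler, 128)).ToArray();
    }

    static void Main()
    {
        byte[] checkedInKey = SampleBlob(0xA5);   // stands in for the public half of a repo's .snk
        Console.WriteLine(ModulusBits(checkedInKey) + "-bit key");
        // Same key gives the same token for anyone who builds; a different key does not.
        Console.WriteLine("upstream build: PublicKeyToken=" + PublicKeyToken(checkedInKey));
        Console.WriteLine("fork, same key: PublicKeyToken=" + PublicKeyToken(SampleBlob(0xA5)));
        Console.WriteLine("fork, own key:  PublicKeyToken=" + PublicKeyToken(SampleBlob(0x5A)));
    }
}
```

The first two token lines match and the third differs: the token identifies a key, not the party who ran the build.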

@SteveDunn
Owner

Thank you - I'll definitely do this!

@SteveDunn
Owner

Thank you - I'll definitely do this!

#756
