Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider creating a signed version of Brighter #287

Closed
iancooper opened this issue May 1, 2018 · 4 comments
Closed

Consider creating a signed version of Brighter #287

iancooper opened this issue May 1, 2018 · 4 comments
Assignees
@holytshirt
Labels
3 - Done Breaking Change

Comments

@iancooper
Copy link
Member

iancooper commented May 1, 2018
edited
Loading

The Polly drama has opened up the issue that because we are not signed we can run into difficulty in environments that need signed assemblies. Whilst unsigned can depend on signed, signed needs signed. As a result we may choose to sign Brighter.

We would adopt the Newtonsoft strategy:

  • DLLs are strong-named
  • semver the nuget packages
  • assemblies within the package have major version only for "Strong name" and "Full Name"
  • assemblies within the package have major.minor.patch for "AssemblyFileVersion" and "AssemblyInformationalVersion"

We could sign Brighter and ServiceActivator that only depend on strong-named packages. The transports might not be strong-named if we cannot find a strong-named version of the lib that we depend on, which would become caveat emptor.

We would include the key in the repo, without password protection to enable local builds.

Whilst we don't like strong-naming we may not be able to fight against it.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
@iancooper iancooper self-assigned this May 1, 2018
@holytshirt
Copy link
Member

Referencing the Polly issue
App-vNext/Polly#442

@holytshirt holytshirt mentioned this issue May 1, 2018
Closed
@iancooper iancooper mentioned this issue May 2, 2018
Closed
@holytshirt
Copy link
Member

Pulled in polly, all working no need to sign brighter

@iancooper iancooper reopened this Oct 16, 2018
@iancooper
Copy link
Member Author

I a reopening this issue, as guidance from MS is now to sign.

https://docs.microsoft.com/en-us/dotnet/standard/library-guidance/strong-naming#create-strong-named-net-libraries

We have to play as part of the ecosystem. It is possible that someone is going to refuse to play with us because we don't strong name. However, we are a framework, not a library so we are more top-level and folks don't depend on us. That might mean we choose not too. But, there is no real advantage is the entire ecosystem moves to strong naming.

@iancooper iancooper assigned iancooper and holytshirt and unassigned iancooper Nov 22, 2018
holytshirt pushed a commit that referenced this issue Feb 14, 2019
Adds strong naming according to Open-source library guidance #287
6959a9f 
https://docs.microsoft.com/en-us/dotnet/standard/library-guidance/strong-naming
@holytshirt
Copy link
Member

fix in v8.0.*

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@holytshirt holytshirt

Labels
3 - Done Breaking Change
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iancooper @holytshirt