[Pkg-mono-devel] Non-strong-named assemblies into GAC
Mirco Bauer
meebey at debian.org
Sat Jun 21 15:44:13 UTC 2008
On Sat, 2008-06-21 at 17:34 +0200, David Paleino wrote:
> $ sn -T Mono.Nat.dll
> Mono StrongName - version 1.9.1.0
> StrongName utility for signing assemblies
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell. BSD
> licensed.
>
> Mono.Nat.dll does not represent a strongly named assembly.
> $
>
> Should I sign that assembly by myself? :)
> Or, would it be better that upstream signs it?
What about just reading the Debian CLI Policy at least once (it's not
that long)?
http://pkg-mono.alioth.debian.org/cli-policy/ch-packaging.html#s-signing
Be warned though, creating an own signing key will make the library
_not_ ABI compatible with later binaries when upstream provides a key...
It's common practice for windows developers to not ship the private key,
so generate an own one is ok (using the same key for all debian packages
should be prefered though). Linux developers usually always ship the
private key, as the linux distribution have to build from source anyhow,
and then they need a key, prefered a common one so ABI compatiblity
persists.
You should first ask upstream if the library is API stable, if not, then
all this (GAC) packaging effort is pretty useless.
--
Regards,
Mirco 'meebey' Bauer
PGP-Key ID: 0xEEF946C8
FOSS Developer meebey at meebey.net http://www.meebey.net/
PEAR Developer meebey at php.net http://pear.php.net/
Debian Developer meebey at debian.org http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-mono-devel/attachments/20080621/5ed8ea70/attachment.pgp
More information about the Pkg-mono-devel
mailing list