[Pkg-mono-devel] Non-strong-named assemblies into GAC

Mirco Bauer meebey at debian.org
Sat Jun 21 15:44:13 UTC 2008


On Sat, 2008-06-21 at 17:34 +0200, David Paleino wrote:
> $ sn -T Mono.Nat.dll 
> Mono StrongName - version 1.9.1.0
> StrongName utility for signing assemblies
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell. BSD
> licensed.
> 
> Mono.Nat.dll does not represent a strongly named assembly.
> $
> 
> Should I sign that assembly by myself? :)
> Or, would it be better that upstream signs it?

What about just reading the Debian CLI Policy at least once (it's not
that long)?
http://pkg-mono.alioth.debian.org/cli-policy/ch-packaging.html#s-signing

Be warned though, creating an own signing key will make the library
_not_ ABI compatible with later binaries when upstream provides a key...

It's common practice for windows developers to not ship the private key,
so generate an own one is ok (using the same key for all debian packages
should be prefered though). Linux developers usually always ship the
private key, as the linux distribution have to build from source anyhow,
and then they need a key, prefered a common one so ABI compatiblity
persists.

You should first ask upstream if the library is API stable, if not, then
all this (GAC) packaging effort is pretty useless.

-- 
Regards,

Mirco 'meebey' Bauer

PGP-Key ID: 0xEEF946C8

FOSS Developer    meebey at meebey.net  http://www.meebey.net/
PEAR Developer    meebey at php.net     http://pear.php.net/
Debian Developer  meebey at debian.org  http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-mono-devel/attachments/20080621/5ed8ea70/attachment.pgp 


More information about the Pkg-mono-devel mailing list