[Pkg-mono-devel] Non-strong-named assemblies into GAC
David Paleino
d.paleino at gmail.com
Sat Jun 21 15:58:25 UTC 2008
On Sat, 21 Jun 2008 17:44:13 +0200, Mirco Bauer wrote:
> On Sat, 2008-06-21 at 17:34 +0200, David Paleino wrote:
> > $ sn -T Mono.Nat.dll
> > Mono StrongName - version 1.9.1.0
> > StrongName utility for signing assemblies
> > Copyright 2002, 2003 Motus Technologies. Copyright 2004-2007 Novell. BSD
> > licensed.
> >
> > Mono.Nat.dll does not represent a strongly named assembly.
> > $
> >
> > Should I sign that assembly by myself? :)
> > Or, would it be better that upstream signs it?
>
> What about just reading the Debian CLI Policy at least once (it's not
> that long)?
> http://pkg-mono.alioth.debian.org/cli-policy/ch-packaging.html#s-signing
Err... I've read it more than just once... I was just asking for a suggestion
before going by myself :)
> Be warned though, creating an own signing key will make the library
> _not_ ABI compatible with later binaries when upstream provides a key...
Ok.
> It's common practice for windows developers to not ship the private key,
> so generate an own one is ok (using the same key for all debian packages
> should be prefered though).
All Debian packages of the same Assembly, or all Debian packages you sign
by yourself? Policy says:
[the signing key] must be put into your source package and used for all
following versions of the library.
So it seems the former.
> Linux developers usually always ship the private key, as the linux
> distribution have to build from source anyhow, and then they need a key,
> prefered a common one so ABI compatiblity persists.
Ok. In this case, though, upstream just has to add a line to AssemblyInfo.cs,
since the key is there. I'll remember that for future packages, thanks.
> You should first ask upstream if the library is API stable, if not, then
> all this (GAC) packaging effort is pretty useless.
Well, this package is meant to go into experimental...
Regards,
David
--
. ''`. Debian maintainer | http://wiki.debian.org/DavidPaleino
: :' : Linuxer #334216 --|-- http://www.hanskalabs.net/
`. `'` GPG: 1392B174 ----|---- http://snipr.com/qa_page
`- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mono-devel/attachments/20080621/6c683690/attachment.pgp
More information about the Pkg-mono-devel
mailing list