MefContrib dll should be strong named

Jan 12, 2012 at 10:04 PM

Would it be possible to give the MefContrib dlls strong names?  I have a library for which I would like to reference MEF contrib but I can't because MefContrib doesn't is not signed.

Coordinator
Jan 12, 2012 at 11:01 PM

I would suggest that you sign it with your own keys. Nothing good can come from forcing everybody to use a strong named MEF Contrib dll

Jan 13, 2012 at 2:13 AM

Not sure I understand.  Don't you have it backwards?  Because you are not signing your .dll, I am unable to consume it unless I stop signing mine.

Jan 20, 2012 at 3:47 PM

Any thoughts on this?

Coordinator
Jan 20, 2012 at 9:05 PM

The shortest answer I can give is that this will often lead to an upgrade path nightmare. We sign ours, so our 3rd party dependencies needs to sign their (many of which are OSS themselves).. we start getting binding redirects everywhere, multiple version of the same assembly.. for the most part I just don't see the benefit.

If you have a real need (which I can understand because of corporate policies etc) then you can easily download the source, build and sign it yourself. That is the beauty of open-source. It doesn't really matter if we sign it or if you sign it, right? The only reason you need this to be signed is because your own assembly is signed, not because you really need to make sure that the mef contrib assemblies originates from a trusted source.

Unless I am missing something here ?

Thanks

 

/Andreas