What signing method to use for public open-source projects?

Posted by Irchi on Stack Overflow See other posts from Stack Overflow or by Irchi
Published on 2010-03-26T07:43:52Z Indexed on 2010/03/26 7:53 UTC
Read the original article Hit count: 304

Filed under:
|
|
|

I'm publishing an open-source library on CodePlex, and want the dll files to have strong names so that they can be added to GAC.

What's the best option for signing?

Should I use SNK? If so, everyone have access to the key. I don't have a problem with everyone having access, but is it a good approach?

Should I use PFX? If so, does it mean that other people downloading the source code are not able to build the solution?

What I like to do is that I am the only one person to have access to the key, so that the signed assemblies also have a level of authenticity, but meanwhile don't prevent other developers to download, build, or change the source code for themselves, and be able to post changes for the main project.

© Stack Overflow or respective owner

Related posts about .NET

Related posts about signing