468,780 Members | 2,319 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,780 developers. It's quick & easy.

Any reason NOT to strong-name an assembly?

Can anyone think of a reason why a 3rd party vendor writing .NET components
would NOT strong name their assemblies? What harm does adding a strong-name
to assembly present - I would think none whatsoever.

Strong-naming the assembly should benefit the end user just in case he/she
wants to reference the assembly in another strong-named assembly or add it
to the GAC. If you were a third-party vendor, would you strong-name your
assemblies??

Any feedback is appreciated.

Thanks

TJ
Jul 21 '05 #1
10 2412
Well, one issue is that if they use auto versioning, all projects using the
assembly would need to be recompiled every time the vendor's dll was
changed. Of course a solution would be to fix the version - which should
probably happen anyway.

But I agree with you. If I am buying a component from a vendor, I would
expect it to be strong named, otherwise I would question the vendor's
knowledge of what they are doing and their professionalism if they didn't do
this.

"Tony Jones" <to*******@junk.hotmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Can anyone think of a reason why a 3rd party vendor writing .NET
components
would NOT strong name their assemblies? What harm does adding a
strong-name
to assembly present - I would think none whatsoever.

Strong-naming the assembly should benefit the end user just in case he/she
wants to reference the assembly in another strong-named assembly or add it
to the GAC. If you were a third-party vendor, would you strong-name your
assemblies??

Any feedback is appreciated.

Thanks

TJ

Jul 21 '05 #2
Hi,

Tony Jones wrote:
If you were a third-party vendor,
would you strong-name your assemblies??


Yes, definitely. No good reason not to do so.

--
Patrick Philippot - Microsoft MVP
MainSoft Consulting Services
www.mainsoft.fr
Jul 21 '05 #3
Tony Jones <to*******@junk.hotmail.com> wrote:
Can anyone think of a reason why a 3rd party vendor writing .NET components
would NOT strong name their assemblies? What harm does adding a strong-name
to assembly present - I would think none whatsoever.


It forces anything that references your assembly to also be strongly
named, doesn't it? That adds complications for people who want to use
the assemblies but don't have any need for strong names.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jul 21 '05 #4
Jon Skeet [C# MVP] wrote:
It forces anything that references your assembly to also be strongly
named, doesn't it?
No.
That adds complications for people who want to use
the assemblies but don't have any need for strong names.


Try strong-naming an assembly with unsigned references.

--
There are 10 kinds of people: those who understand binary and those who
don't.
Jul 21 '05 #5
Frank Oquendo <fo******@gmail.com> wrote:
Jon Skeet [C# MVP] wrote:
It forces anything that references your assembly to also be strongly
named, doesn't it?


No.


Hmm. MSDN says:

<quote>
Note All assemblies that reference types in a strong-named assembly
must also have a strong name.
</quote>

On the other hand, presumably all the standard .NET assemblies are
strong-named, and clearly referencing them isn't a problem...
That adds complications for people who want to use
the assemblies but don't have any need for strong names.


Try strong-naming an assembly with unsigned references.


Indeed. I wonder whether that's what MSDN was *trying* to say, but got
it the wrong way round....

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jul 21 '05 #6
Jon Skeet [C# MVP] wrote:
Hmm. MSDN says:

<quote>
Note All assemblies that reference types in a strong-named assembly
must also have a strong name.
</quote>

On the other hand, presumably all the standard .NET assemblies are
strong-named, and clearly referencing them isn't a problem...


Hi Jon,

I think it's a documentation bug. I can obviously reference strong-named
assemblies from other assemblies not having a strong name.

IMHO, they actually meant that a strong-named assembly can only
reference other strong-named assemblies. For security reasons.

--
Patrick Philippot - Microsoft MVP
MainSoft Consulting Services
www.mainsoft.fr
Jul 21 '05 #7
hi, no it is not a documentation bug but rather a
missunderstanding. To keep the tamper protection
on the "entire" system the client also has to have
a strongname. But if it don't we still get the strongname
checks during load of all the strongnamed assemblies.

The statement in msdn is true from a security point of
view but not from the developers point.

regards
Daniel
"Patrick Philippot" wrote:
Jon Skeet [C# MVP] wrote:
Hmm. MSDN says:

<quote>
Note All assemblies that reference types in a strong-named assembly
must also have a strong name.
</quote>

On the other hand, presumably all the standard .NET assemblies are
strong-named, and clearly referencing them isn't a problem...


Hi Jon,

I think it's a documentation bug. I can obviously reference strong-named
assemblies from other assemblies not having a strong name.

IMHO, they actually meant that a strong-named assembly can only
reference other strong-named assemblies. For security reasons.

--
Patrick Philippot - Microsoft MVP
MainSoft Consulting Services
www.mainsoft.fr

Jul 21 '05 #8
Be careful if you serialize types from that assembly, say to disk files or
over .NET Remoting. The deserialization will require the exact same matching
assembly, so changing the strong name later (or assembly version) can cause
some difficulty. Just something to be aware of.
--
Phil Wilson
[Microsoft MVP-Windows Installer]
Definitive Guide to Windows Installer
http://apress.com/book/bookDisplay.html?bID=280

"Tony Jones" <to*******@junk.hotmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Can anyone think of a reason why a 3rd party vendor writing .NET
components
would NOT strong name their assemblies? What harm does adding a
strong-name
to assembly present - I would think none whatsoever.

Strong-naming the assembly should benefit the end user just in case he/she
wants to reference the assembly in another strong-named assembly or add it
to the GAC. If you were a third-party vendor, would you strong-name your
assemblies??

Any feedback is appreciated.

Thanks

TJ

Jul 21 '05 #9
Patrick Philippot <pa***************@mainsoft.xx.fr> wrote:
Hmm. MSDN says:

<quote>
Note All assemblies that reference types in a strong-named assembly
must also have a strong name.
</quote>

On the other hand, presumably all the standard .NET assemblies are
strong-named, and clearly referencing them isn't a problem...
I think it's a documentation bug. I can obviously reference strong-named
assemblies from other assemblies not having a strong name.


Yup. I'm not sure why I went with MSDN rather than applying common
sense :)
IMHO, they actually meant that a strong-named assembly can only
reference other strong-named assemblies. For security reasons.


Indeed.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jul 21 '05 #10

"Phil Wilson" <pd*******@nospam.cox.net> wrote in message
news:uO**************@TK2MSFTNGP10.phx.gbl...
Be careful if you serialize types from that assembly, say to disk files or
over .NET Remoting. The deserialization will require the exact same
matching assembly, so changing the strong name later (or assembly version)
can cause some difficulty. Just something to be aware of.
You can control this by implementing a SerializationBinder - it allows you
to tell the deserializer which version of a type to use.
--
Phil Wilson
[Microsoft MVP-Windows Installer]
Definitive Guide to Windows Installer
http://apress.com/book/bookDisplay.html?bID=280

"Tony Jones" <to*******@junk.hotmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Can anyone think of a reason why a 3rd party vendor writing .NET
components
would NOT strong name their assemblies? What harm does adding a
strong-name
to assembly present - I would think none whatsoever.

Strong-naming the assembly should benefit the end user just in case
he/she
wants to reference the assembly in another strong-named assembly or add
it
to the GAC. If you were a third-party vendor, would you strong-name your
assemblies??

Any feedback is appreciated.

Thanks

TJ


Jul 21 '05 #11

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

53 posts views Thread by dterrors | last post: by
94 posts views Thread by Gabriel Zachmann | last post: by
129 posts views Thread by Torbjørn Pettersen | last post: by
3 posts views Thread by Mr. T. | last post: by
9 posts views Thread by David Trimboli | last post: by
1 post views Thread by CARIGAR | last post: by
2 posts views Thread by Marin | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.