-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to load PhoneNumbers.dll in signed assembly #53
Comments
This has been brought up a few times. #18, #48 and that which it references octokit/octokit.net#405 Given that it has come up a few times now I'm going to take another look at it and make sure it don't cause issue for any existing users. |
After more reading I'm thinking that this will do more harm than good and be disruptive to current consumers of the package. https://github.com/dotnet/corefx/blob/master/Documentation/project-docs/strong-name-signing.md https://www.pedrolamas.com/2016/03/01/still-strong-naming-your-assemblies-you-do-know-its-2016-right/ |
Please note that the author of the second link had second thoughts later in 2018: https://www.pedrolamas.com/2018/09/11/start-strong-naming-your-assemblies/ |
Any update? our project need this package to be strongly named as well... |
Per https://learn.microsoft.com/en-us/dotnet/standard/library-guidance/strong-naming:
This is why I haven't done this over the past years was basically that, though I hadn't seen it stated in such a succinct way by Microsoft. |
If people would get benefit of the library being nuget signed and wants to pay for the cert that could be done. |
Thanks @twcclegg,
|
Yeah if someone can prove it won't break things, but my reading of the quoted text above is that it's good to strong name libraries when they are first established but that ship as obviously sailed. I had considered publishing a v8.13.16-signed which might work as a prerelease and not break people. They do say not to add |
Hi @twcclegg - Any update on this? We need strongly named version. Thanks |
Hi Saba, per the above "if someone can prove it won't break things". I'm happy for contributions to this effort but it is not something I have time for. |
I don't need strong name signing personally, but my 2c is it's the right thing to do for libraries. The msft documentation you linked says:
Strong name signing is not a security measure, it only provides a unique identity to an assembly. The pros of strong name signing are:
The cons:
How to do it?
Conclusion:
In regards to this snippet you copied:
Yes, this is true, anybody who is updating the nuget package (eg. from v1 to v2) will need to re-compile their app. But I hardly see this as a problem. Who in their right mind updates a NuGet package by dropping in a new dll, without recompiling their software? |
Just some feedback to the quoted comment:
Applying common sense, the strong name would and likely should be applied moving forward. This would NOT impact current assemblies from previous releases and thus would not impact anyone using them. Nobody in their right mind would delay sign an in use assembly, unless it is required. In short, I am all for strong naming and it will be required moving forward in several of my own projects using this library. Perhaps the author might provide two NuGet packages, one signed and the other not. |
When depending on PhoneNumbers.dll through NuGet in a project producing a strong name signed assembly this exception is thrown each time PhoneNumbers.dll would be used:
System.IO.FileLoadException: Could not load file or assembly 'PhoneNumbers, Version=8.8.10.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. A strongly-named assembly is required. (Exception from HRESULT: 0x80131044) File name: 'PhoneNumbers, Version=8.8.10.0, Culture=neutral, PublicKeyToken=null'
This can be fixed by strong name signing PhoneNumbers.dll see PR #51
The text was updated successfully, but these errors were encountered: