Jon said:
I think we'll have to agree to differ.
On which part, the time it takes to sign an assembly or that there are
good reasons to sign them?
Except putting things in source control (or deciding not to), undoing
whatever VS2005 does wrong (if you tell it to sign an assembly, it
decides that even if you've told it to sign the assembly using a key
which is already under source control, it will add another copy in the
current directory) etc.
I think you are doing something wrong with VS then.
Yes, it is true
Nope. Believe me, I've run into this.
Run into what? I think I'm missing your point here.
The docs for InternalsAreVisibleTo are completely broken. You don't
need assemblies to be signed at all for it to work normally, but if
you're going to use it on a signed assembly, the assembly you're
allowing access to it has to be signed to. It's sort of as if the
production assembly references the test assembly.
I see what you mean. Without doing any signing I can create a class
library with that attribute and point it to another class library and
this second class library can see the first's private members. And the
code runs without signing any of the assemblies. Either it is broken
documentation or the implementation has a bug.
In any event, I'm not sure I understand your point w.r.t. this
attribute. You apparently don't need to sign an assembly that uses this
attribute and you apparently don't need to sign an assembly that
references an assembly with this attribute. So you can choose to sign or
not sign assemblies that use this attribute. What I don't understand is
what this has to do with my contention that it's a really good idea to
just sign everything and be done with it? How does this attribute change
that thought? (Clearly you don't agree with the concept I'm throwing out
there, but I miss how this attribute is a pro or con for the concept.)
Yes, I know.
No, you don't.
Silly me for once again believing the docs!
No: I can test a signed assembly from an unsigned assembly if I don't
need InternalsVisibleTo. I can't otherwise. Try it!
Again, what I said was due to believing the docs. I know that a signed
assembly can be tested without signing the testing assembly. I've done
that plenty of times. But this attribute has never crept into the
picture either way. But then I've primarily used NUnit and the VS'05
built-in testing stuff.
No - you've just believed the docs, which are wrong. Give it a try and
you'll see what I mean.
I just tried and see what you mean. It was certainly interesting to
learn about this attribute.
It forces me to sign something I wouldn't otherwise be forced to sign -
*if* I sign the production assembly. It's entirely relevant to the
discussion, as it's another way in which signing is viral.
I think I'm being dense. Didn't you just establish--due to a bug in the
docs--that signing isn't required for this attribute? So if I use this
attribute in the production assembly then the testing assembly does not
have to be signed. It can be, doesn't have to be. (I wouldn't call
signing assemblies "viral"; pretty odd outlook, IMO.)
I don't think it's a big, complex set of steps. I think it's a small
set of steps which is reproduced for each projects. If you've got a lot
of projects, it's a significant hit.
Well, we'll have to agree to disagree here. Taking a few seconds to
browsed to a .pfx file *once* when a project is *created* seems to me to
be a zero-effort task. But if you see those few seconds as somehow
adding up to a "significant hit" then so be it. And for the record, I've
set up the signing on a solution with close to 100 projects in it. Now
it can easily be argued that a solution should not have that many
projects (and I would agree) but it was also no big deal to add the .pfx
file to each. It would have been even quicker if this had been done from
the get-go. Oh, and all the projects always use a common ProjectInfo.cs
file (as we call them) that has the line that refers to the key file, so
no changes required there.
Managing projects is enough of a pain already (I really hate that VS
has to be told about each individual file) - I'd rather not add
anything else to that.
Again, I'll agree to disagree. Adding one file does not a pain make.
So what do you do when you run into a situation where you must sign? Say
you decide to use BizTalk? Now you have to go back and do what should
have been done to start with. Or if you happen to work on shipping code.
Do you really want to send unsigned code out into the wild and also make
you code (as distributed) unusable to a customer's signed assembly? I
can be more flexible for internal-only assemblies, until some wonderful
product like BizTalk creeps into the shop. And then there's the general
ability to place the assembly in the GAC.
I really need to sign an assembly if:
1) I need to reference it from another signed assembly
2) I have clients (of whatever nature) who need a signed assembly for
whatever reason
3) I want to put the assembly in the GAC (which I normally avoid)
So you don't like strong-named assemblies nor the GAC. Interesting view!
(Just kidding. If you can't get VS to behave for you w.r.t. key files
and if you don't like sharing assemblies in the GAC then that's your
valid take on all this.)
Do you obfuscate your code, btw?
No, never.
I seem to remember (and it would make
sense) that it makes that slightly more tricky too.
I don't see how. Signing an assembly (I think better said: giving a
strong name to an assembly) just adds a little block of metadata to the
assembly. Any obfuscator would still work the same way with an assembly
that is strong-named.
No doubt it's only
another couple of steps, but while I don't get significant benefit from
it, I'd rather not have the extra steps.
There wouldn't be any changes required to a build process that
obfuscates the resultant assemblies in order to "support" signed assemblies.
(I prefer not to obfuscate in
the first place, but...)
I certainly agree there.
I appreciate you taking the time on this topic. I really do want to know
if there is any reason for me not to sign all assemblies under my
control (i.e., where I am the decision-maker on signing or not signing)
and whether I should stop preaching "just sign everything, it makes the
most sense all around". I understand you point about adding the .pfx
file to a project when it is created, but that alone would not change my
attitude (not to say you don't have a valid point, I think we just have
different views on how difficult it is to add a file to a project one
time and how that somehow makes the project more complex.)