[Mono-list] Security question

[Jonathan Pryor]

Let's take these one at a time.

On Mon, 2003-07-21 at 19:28, Jeff Bergman wrote:
> Could you explain to me, if you will be able to run assembly written
> on windows in Mono?

Yes, with some restrictions.  As long as the assembly and all
dependencies consists entirely of managed code (e.g. not Manged
Extensions to C++), and Mono has an implementation of the required
functionality (e.g. the assembly doesn't use System.Windows.Forms :-),
the assembly should execute under mono.

If it doesn't run under mono, please file a bug report.

The biggest portability issues will come from the use of Platform Invoke
(P/Invoke) -- i.e., use of the DllImport attribute.

> What about referenced assemblies public key and hash values?

Mono currently ignores those values.  Mono doesn't support strong names,
or the Global Assembly Cache (GAC), or anything related to those
topics.  Work is in progress for some of this (particularly strong name
support for signing purposes), but AFAIK it isn't a high priority. 
Check the archives for discussion about this topic.

> What these be different for the mono runtime than from the Microsoft
> runtime?

When Mono supports strong names and the GAC, these values will likely be
different than what the Microsoft runtime supports.  For running .NET
apps under Mono, Mono will likely get a "hack" to transparently map the
.NET strong names to the Mono strong names, allowing Mono to execute the
.NET apps.

The other direction (Mono-compiled assembly, running under .NET) may be
more problematic, and I don't know how to solve this particular issue.

I believe that the ECMA standard contains strong names for the core
assemblies (mscorlib.dll), but this may not mean what I think it
means...

> Or will you be asking microsoft to sign your runtime and windows forms
> assemblies?

I don't think this is particularly likely.  More of a "snowballs chance
in a supernova" likelihood, actually.

 - Jon