[Mono-list] Some questions about shared assemlies, strong names...

Paolo Molaro lupus@ximian.com
Sun, 4 May 2003 13:18:26 +0200

On 05/04/03 Fergus Henderson wrote:
> On 03-May-2003, Paolo Molaro <lupus@ximian.com> wrote:
> > The strong name is useful for 1% of the
> > cases, but I think it doesn't fit the world of free software very well.
> > Strong names are based on the concept of having a secret key and that of
> > course doesn't match with source availability. And if you distribute the
> > private key, 99% of the reason for having a strong name becomes moot
> > and hence useless.
> I don't agree.  Having a strong name with a publically-distributed
> "private" key is still useful for dealing with name clashes.
> IMHO that is about 50% of the reason for using strong names, not 1%.

I may have not expressed myself clearly. There are two uses for strong
names, as I see it:
1) handle name clashes
2) enforcing some protection on how some assemblies are used (this needs
help from the CLR and is only meaningful for proprietary sw in a closed
environment, IMHO)

I gave a 99% relevance to point 1, because I don't find case 2 very
interesting. You assign it a 50% importance, I guess that's fine,
depends what other reasons you see for strong names, I might miss some.
So, we're back at the name clashes: how big is the problem?
I maintain that it's relevant in a tiny 1 percent of the cases, from
the number of name clashes that I saw happening, for example, with the
programs packaged for Debian. The clashes are rare, hence my 1% figure
(that refers to the 100% of use cases for shared assemblies, not strong
names) though I agree they are still an issue.


lupus@debian.org                                     debian/rules
lupus@ximian.com                             Monkeys do it better