[Mono-list] Some questions about shared assemlies, strong names...

Luis Fernandez luifer@onetel.net.uk
Sun, 4 May 2003 20:30:08 +0100


> On 05/03/03 Luis Fernandez wrote:
> > > In mono there is something quite close to the GAC: you can specify a
> > > set of paths to directories where assemblies will be looked for
> > > (MONO_PATH). The assemblies in MONO_PATH are effectively shared.
> > > We currently don't enforce the strong names. Basically mono
> > > supports the part of the GAC that is useful;-)
> >
> > What do you mean by your statement that mono supports only the part of
> > that is usefull? So you think that the ability to transparently install
> > assemblies without having to worry about conflicts with other assemblies
> > la DLL "hell" is not usefull?
> By 'useful' I mean: what is enough for 80% of the users.
> Another 19% of the uses can be satisfied with a directory hierarchy
> like:
> $libdir/System/
> $libdir/System/1/System.dll
> $libdir/System/2/System.dll
> Where 1 and 2 are the version numbers (there may be more levels for
> the minor numbers and the cultures). This is enoguh to solve the
> versioning issue and can be coded in half an hour once the design is
> refined. MS doesn't implement this, because shared assemblies are
> required to have a strong name. The strong name is useful for 1% of the
> cases, but I think it doesn't fit the world of free software very well.
> Strong names are based on the concept of having a secret key and that of
> course doesn't match with source availability. And if you distribute the
> private key, 99% of the reason for having a strong name becomes moot
> and hence useless. So, take the GAC, remove the strong name from the
> picture and you get pretty much what mono has today (barring the
> versioned directory levels outlined above).

Yes, I agree with most of what you point out, but the GAC automates the task
of creating the different directories away from the developer. Also, it
would easy portability between assemblies designed for the MS .NET to Mono
and the other way around. Basically, with the GAC, you do not need to worry
what assemblies any other company has installed on your system.

I agree that strong signing an assembly might not make sense with open
source software, but I don't think the mono project is supposed to support
only OSS software. And in any case, why can't an OSS project sign an
assembly? This migth be a way of "guarantiing" that a compiled assembly has
been altered by any malicius 3rd party or similar. And as somebody else
pointed out in a different post, we could always implement a "dummy" key for
OSS projects so that we can deploy our software in the microsoft GAC if