This project is read-only.

Please sign the assemblies

May 14, 2013 at 10:03 PM
I've seen other posts about signing the extension assemblies but I’m posting a new thread to elaborate on the reasons and to give a bump to the request. Note that this post is related to using the extensions on a dev system for configuring a build template but it seems it would benefit deployment on a build server as well.

Primarily, the assemblies could be deployed to the GAC if they were signed. There are a few good reasons for doing this on a dev system:
  1. Visual Studio toolbox references could be configured to reference the assemblies from the GAC instead of as “loose” files. The recommended practice of adding these to the toolbox from the “container project” is a bad practice because toolbox references are system-wide. That is, they are not solution or project specific. Visual Studio toolbox references to files in a specific project are therefore inappropriate. But it is also fragile because the referenced project may get changed in ways that would orphan or break the Visual Studio reference and that would affect build template configuration in all other solutions.
  2. Build template XAML references to extension activities would not have to be resolved to the container project’s assemblies. If the extension assemblies were in the GAC (and the activity was creating by a toolbox item that referenced a GAC assembly) the XAML references would be set up with a strong name reference and they would resolve to the assemblies in the GAC. The benefit to this is the container project would be unnecessary. The build template could then be added to the solution as a solution file instead of a project file.
  3. To reiterate, the container project becomes unnecessary if the extension assemblies are in the GAC. Having that container project in a solution simply to help resolve XAML references is undesirable.
It would be nice to have an automated deployment process for these but that isn’t necessary. It’s easy enough to add assemblies to the GAC via gacutil. It would be ideal, for the time being, to just have them signed.

Regardless, thanks to the contributors and coordinators of this project. Your time is appreciated!
Oct 16, 2013 at 7:50 PM
Could you continue this discussion here -

Right now signing is not planned and can be actioned with a key of choice against the downloaded code

Marked as answer by mikeFourie on 10/16/2013 at 11:50 AM