Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign assemblies #404

Closed
wants to merge 2 commits into from
Closed

Sign assemblies #404

wants to merge 2 commits into from

Conversation

rprouse
Copy link

@rprouse rprouse commented Feb 28, 2014

I am using octokit.net in a Visual Studio Extension, but extensions must be strongly named. Therefore, all assemblies that my extension references must also be strongly named.

I added a strong name key file and used it to sign all of the assemblies. I modified the InternalsVisibleTo accordingly.

I also added two rules to Octokit.ruleset that were causing the build to fail with dozens of errors in Visual Studio 2013. New rules or better detection? Either way, they should be easy to fix and re-add.

  • CA1811: Avoid uncalled private code
  • CA1812: Avoid uninstantiated internal classes

Everything builds and all unit tests pass.

@shiftkey shiftkey mentioned this pull request Feb 28, 2014
Closed
@shiftkey
Copy link
Member

Ok, so there's two things in here which I'll address separately:

Signing Assemblies

While I appreciate there are scenarios where assemblies need to be signed (sup VS), I'm fairly sure this isn't something we're interested in doing currently.

I'll open up an issue and let people thrash it out there (I know many people who are opposed to it, but I'll make sure they play nice).

If we were to sign these assemblies, we should do it with a proper key so that we can verify official releases.

FxCop rules

I want to fix these, rather add exclusions to the solution. Can you open an issue with some more details so we can address this correctly?

@shiftkey shiftkey closed this Feb 28, 2014
@rprouse
Copy link
Author

rprouse commented Feb 28, 2014

I figured you would might not want this, but made the changes for my needs
so offered it up. I am happy to maintain my fork for my needs. I will enter
the code analysis issue and jump into the signing debate, we had the same
one on the nunit team recently.
On 2014-02-28 12:19 AM, "Brendan Forster" notifications@github.com wrote:

Ok, so there's two things in here which I'll address separately:
Signing Assemblies

While I appreciate there are scenarios where assemblies need to be signed
(sup VS), I'm fairly sure this isn't something we're interested in doing
currently.

I'll open up an issue and let people thrash it out there (I know many
people who are opposed to it, but I'll make sure they play nice).

If we were to sign these assemblies, we should do it with a proper key so
that we can verify official releases.
FxCop rules

I want to fix these, rather add exclusions to the solution. Can you open
an issue with some more details so we can address this correctly?

Reply to this email directly or view it on GitHubhttps://github.com//pull/404#issuecomment-36322754
.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rprouse @shiftkey