
2023-09-03 12:07:18 作者:空有执念了残生

我在寻找的建议和最佳实践应用签名的程序集在一个组织中有30多个开发人员,20多个解决方案和60多个项目。我们使用Visual Studio团队系统2008和TFS。

I’m looking for recommendations and best practices for applying signed assemblies in an organization with 30+ developers, 20+ solutions and 60+ projects. We’re using Visual Studio Team System 2008 and TFS.


While creating a key and signing the assembly is a very easy and straight forward procedure, I’m concerned how we manage this the best way.


每个溶液,其通常具有3至20个项目,将具有置于溶液中的根文件夹的单一的.pfx密钥文件。 在每个解决方案都将有一个独特的强密码的钥匙。


Will we encounter any problems with that approach?


使用相同的密钥文件进行跨解决方案的所有项目。这会不会让东西更容易为我们吗?它是一个坏主意?它甚至有可能? 如果每个项目都有自己独特的钥匙吗?为什么,为什么不呢?

任何投入,好/坏的经验和建议欢迎。 :)

Any input, good/bad experiences and recommendations are welcomed. :)



In the past, I've used a single key for multiple solutions and projects very effectively. Its a simple approach that ensures that only people with access to the private key file can publish a build that passes the strong name check.


Note: To use the single key file, we found it easiest to add the file as a link to each project.


The one disadvantage I see is that having the key file available to your developers means its not quite as private as it should be. Ideally, as few people as possible (eg just the build process) should have access / know the password.


The single file approach keeps the management of the keys simple (there's only one) while still allowing for the benefits of strong naming.