Re: Delayed Signing, the GAC, and Installations
From: Nicole Calinoiu (calinoiu)
Date: 11/13/04
- Previous message: Michael Herman \(Parallelspace\): "SharePoint security/vulnerability assessment?"
- In reply to: Bill: "Re: Delayed Signing, the GAC, and Installations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 13 Nov 2004 15:18:37 -0500
"Bill" <nospam@devdex.com> wrote in message
news:uUHs4WEyEHA.3224@TK2MSFTNGP14.phx.gbl...
> Todd, you make a good point and that may be what I do. Thanks.
>
> Nicole, I also see your point, and I'd like to get more information from
> you. I'm guessing that the development team should not be responsible
> for signing the assemblies. They should use delay-signing with the
> public key, and then QA or whatever team is responsible for testing
> should handle the signing of the assemblies before generating the
> Installation packages.
Well, that all depends on your process and who you think can be trusted with
the private key. Personally, I think it's a wee bit odd to have QA either
signing assemblies or generating installation packages, but maybe it makes
sense in your organization.
To be honest, I'm also not quite sure why you object to manually building up
the content list for a setup project. It's a bit more work (say, maybe 1/2
an hour more for a medium-large project), but this extra work only needs to
be done once, and the extra control over package content can sometimes save
time troubleshooting later on. I've been creating setup projects this way
for quite some time now, and I really don't see it as much bother at all.
> If that's the case, how can I work the eventual
> signing of the assemblies by QA into an automated build process? I am
> using BuildIt
> (http://msdn.microsoft.com/library/en-us/dnbda/html/tdlg_app.asp?frame=t
> rue) to automate the build. Todd's sugguestion would work but it would
> also make the signing part of the development process which, like you
> said, goes against the goal of delay-signing.
Again, the whole setup seems a wee bit odd to me, but I guess it depends on
the role of QA in your organization. In mine, QA works against installed
applications in order to ensure that both the applications and their
installation-time configurations are tested. QA would never need to compile
or sign an application, nor would they build installation packages.
>
> Thanks guys!
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
- Previous message: Michael Herman \(Parallelspace\): "SharePoint security/vulnerability assessment?"
- In reply to: Bill: "Re: Delayed Signing, the GAC, and Installations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
