我最近才开始享受能够签署可执行文件的乐趣。现在,我正在尝试在构建/发布过程中建立一个应该对程序集进行签名的适当位置。
我的第一直觉是尽早签名(在构建后事件中),以确保所签名的内容符合构建者的预期。
但这(在我们的例子中)要求每个开发人员都拥有对私钥的完全访问权限,这可能是不可取的。
另一个想法是仅在我们发布时才进行签名,这样签名就很少由少数人执行。但这是否太晚了?
是否存在最佳实践?
最佳答案
An organization can have a closely guarded key pair that developers do not have access to on a daily basis. The public key is often available, but access to the private key is restricted to only a few individuals. When developing assemblies with strong names, each assembly that references the strong-named target assembly contains the token of the public key used to give the target assembly a strong name. This requires that the public key be available during the development process.
You can use delayed or partial signing at build time to reserve space in the portable executable (PE) file for the strong name signature, but defer the actual signing until some later stage (typically just before shipping the assembly).
关于c# - 代码签名应该放在构建/发布过程中的什么位置?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10457752/