[OT] How do you deal with signing the DLLs?

[Stefan Bodewig <bo...@apache.org>]

Hi,

I'm turning to you for advice as the .NET open source project who's
community I know best 8-)

Since about a year and a half I've talen over maintaining XMLUnit
which has a Java and a .NET version.  A few weeks ago I released the
.NET version and now a user asked me to release a strongly named
version of it.

Right now I'm the only one working on XMLUnit but I'd hope this will
change in the future, so keeping the key private to myself is not a
real option.  Putting it into subversion doesn't feel right, either.

I see that you do not ship your key file with the distribution and it
seems that the keys file itself is encrypted in svn (at least this is
what I guess log4net.snk.gpg is).  How is this better than simply
sharing the .snk file between developers?  Why have you decided to do
it the way you do?

Thanks

        Stefan