logging-log4net-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Walden H. Leverich" <Wald...@TechSoftInc.com>
Subject RE: Signing the log4net.dll with a digital signature
Date Thu, 15 Oct 2009 13:25:20 GMT
> You're probably mixing signing the dll for GAC (strong name), and
Authenticode as offered by Verisign and others which Michael asks for.

 

You're absolutely correct. I didn't think that one through. I was
thinking of the SN signing for the GAC, and not of the Authenticode
requirement. I concur, just build/sign your own version.

 

-Walden

 


-- 
Walden H Leverich III
Tech Software & 

BEC - IRBManager
(516) 627-3800 x3051
WaldenL@TechSoftInc.com <mailto:WaldenL@TechSoftInc.com> 
http://www.TechSoftInc.com <http://www.techsoftinc.com/> 
http://www.IRBManager.com <http://www.irbmanager.com/> 


Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)

 

From: Dag Christensen [mailto:Dag.Christensen@vismaretail.no] 
Sent: Wednesday, October 14, 2009 3:11 AM
To: Log4NET User
Subject: RE: Signing the log4net.dll with a digital signature

 

You're probably mixing signing the dll for GAC (strong name), and
Authenticode as offered by Verisign and others which Michael asks for.

 

Log4net is distributed as a strong name assembly signed by a key held by
Apache. If you recompile log4net from source and want it strong named,
you'll have to sign it with your own key. Keeping the original Apache
key private allows an end-user to verify the binary has been built from
original apache source (pgp is just an extra insurance).

 

Authenticode works on existing binaries (signtool.exe), and the process
is described here:
https://knowledge.verisign.com/support/code-signing-support/index?page=c
ontent&id=AR190

 

Since the Apache license allows you to change and distribute your own
versions of log4net (with some conditions, see 4. Redistribution at
http://logging.apache.org/log4net/license.html), you should be free to
digitally sign the binaries too.

 

Regards,

 

Dag

 

 

Fra: Michael Hablich [mailto:m.hablich@tricentis.com] 
Sendt: 14. oktober 2009 08:54
Til: Log4NET User
Emne: AW: Signing the log4net.dll with a digital signature

 

Unfortunatly not. Maybe you mean the PGP signature but I need a digital
signature for Windows DLLs. For instance Verisign issues such
signatures. I doubt the Apache foundation has such signatures because
they cost money. 

 

If I interpret the Apache license correctly it is okay to sign the DLL
with my own signature but I am not sure.

 

Von: Walden H. Leverich [mailto:WaldenL@TechSoftInc.com] 
Gesendet: Dienstag, 13. Oktober 2009 18:22
An: Log4NET User
Betreff: RE: Signing the log4net.dll with a digital signature

 

But isn't there a signed version of l4n that you can download and use?
Why sign your own?

 


-- 
Walden H Leverich III
Tech Software & 

BEC - IRBManager
(516) 627-3800 x3051
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com <http://www.techsoftinc.com/> 
http://www.IRBManager.com <http://www.irbmanager.com/> 


Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)

 

From: Michael Hablich [mailto:m.hablich@tricentis.com] 
Sent: Monday, October 12, 2009 7:58 AM
To: Log4NET User
Subject: AW: Signing the log4net.dll with a digital signature

 

One prerequisite for Windows certification (for the software) is having
all deployed DLLs digitally signed wheter from the original developer or
the deployer.

 

Von: Karim Bourouba [mailto:karym6@hotmail.com] 
Gesendet: Montag, 12. Oktober 2009 13:51
An: log4net-user@logging.apache.org
Betreff: RE: Signing the log4net.dll with a digital signature

 

I would say yes, it is. But I am not sure as to why you would want to do
this?



  

________________________________

From: m.hablich@tricentis.com
To: log4net-user@logging.apache.org
Date: Mon, 12 Oct 2009 13:06:34 +0200
Subject: Signing the log4net.dll with a digital signature

Hello,

 

is it allowed to sign the log4net.dll with my own digital signature?

 

Thanks in advance,

Michael

 

 

________________________________

View your other email accounts from your Hotmail inbox. Add them now.
<http://clk.atdmt.com/UKM/go/167688463/direct/01/> 

###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.
For more information, connect to http://www.f-secure.com/


Mime
View raw message