The NAnt build script for NMock creates a new name each time NMock is compiled.
Common practice is to create one strong name key that is kept private by the developers and sign all official release with this key. Thus, if an unofficial release is made, it cannot be signed with the official NMock key.
The way you designed it, a new public key would appear for each release and users cannot validate whether their NMock binaries are from an official release short of checking the public key hash against the hashes of all releases ever made.
Log in to post a comment.