Assembly does not have a strong name

[dfederm]

Without a strong name, a strong-named project will get this error.

CS8002: Referenced assembly 'Microsoft.ComponentDetection.Contracts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' does not have a strong name.

You just need to generate an snk at the root of the repo (let's say StrongName.snk), and add this to Directory.Build.props:

    <SignAssembly>true</SignAssembly>
    <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)StrongName.snk</AssemblyOriginatorKeyFile>

[cobya]

Did some preliminary investigation and work on the cobya/StrongName branch.

This work is blocked pending strong name assembly releases of the Docker.DotNet (see Can you provide a strong name for the Nuget package? · Issue #403 · dotnet/Docker.DotNet (github.com)) and SemVer (see Create nuget package with strong name · Issue #23 · maxhauser/semver (github.com)).

Additionally, this would be considered a binary breaking change per Breaking changes and .NET libraries | Microsoft Docs so we will need to investigate usage by our package consumers and release this as a new major version.

[JamieMagee]

@dfederm can I ask what's the driving force behind strong-naming? I'm getting pushback upstream when asking for strong-named assemblies, most recently pointing to https://github.com/dotnet/docs/issues/22412

[dfederm]

Strong-naming is viral. Anyone who depends on your assemblies and needs to be strong-named requires that you also be strong-named.