Do Visual Studio Extensions (VSIX) need to be strong named?

Question

The default VSPackage template in the Visual Studio 2012 SDK generates a project which uses strong naming.

Because strong naming is transitive, this means that any references I add (e.g. another project in the same solution, or a third-party dependency) also need to be strong named.

Since I don't feel comfortable strong-naming third-party dependencies, I'd prefer to remove the strong naming from my VSIX.

What are the disadvantages of doing this?

Answer 1

If you are already VSIX-deployable and don't need anything in the GAC, then no, Visual Studio makes no requirement that you are strong name signed. I believe template wizards do require strong name signing, but only because they must be installed into the GAC.

I can think of a few reasons you might want to anyways: If your package exposes a public API which other extensions consume, you might be referencing a common DLL as the other people consuming your public API. You might want to strong-name sign the public interface binary, and depending upon how your projects are set up, you might have to strong name sign everything.

Also, if you didn't strong name sign, you do risk a name collision with another extension. If you created a DLL called "Package.dll" and another extension also did, and neither of you strong name signed your binaries, it's possible the CLR will get a bit confused here. So if you weren't strong name signing, make sure your assembly name is "unique enough" to avoid this risk.

For what it's worth, when we test the Roslyn language services internally, we simply do so by installing a VSIX that contains all of the Roslyn bits. A quick dig through source control history implies we didn't strong-name sign our package binaries for the first year and a half, until we eventually had to as part of the process of shipping code from Microsoft.