From 7d42effdebb0faea3ba5871c52fd93961dcfdab1 Mon Sep 17 00:00:00 2001 From: toby Date: Tue, 26 Dec 2017 03:30:10 +0000 Subject: [PATCH] Add *.snk strong name key files (#2483) * Add *.snk strong name key files Strong name key files shouldn't be included in a repository AFAIK. they are intended to sign build output to verify that it comes from the correct publisher. having an *.snk in a repository would allow anyone to produce build as if they were the original publisher. I guess some OSS projects might like to have *.snk files in their repos but that would be an exception to the rule. * Make use of *.snk optional Add note explaining use. * Reduce explanation Just use a link instead --- VisualStudio.gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/VisualStudio.gitignore b/VisualStudio.gitignore index 3ecb13b9..d3d5371b 100644 --- a/VisualStudio.gitignore +++ b/VisualStudio.gitignore @@ -219,6 +219,10 @@ ClientBin/ *.publishsettings orleans.codegen.cs +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + # Since there are multiple workflows, uncomment next line to ignore bower_components # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) #bower_components/