[Moonlight-list] GAC and detecting platform code
sebastien at ximian.com
Fri Mar 13 08:55:34 EDT 2009
Two small issues we need to fix for ML2:
The GAC should not be used since it break the isolation provided by the
XAP (and compatibility with MS Silverlight). Right now our 2.1
assemblies are stored in the GAC (except mscorlib.dll iirc).
2) Platform Code
The CoreCLR security model  works because there's a clear distinction
between the "platform" (plugin provided) and the "application" (user
provided) code. AFAIK Silverlight 2.0 detect platform code using 2
(a) code location: it's not the in GAC, but stored in a single directory
(b) code signing
Since (b) is not an easy option for open source software we'll need to
rely (even more) on (a).
* short term (platform code)
Move all moonlight platform code  under the plugin moonlight
directory (i.e. same location as the downloaded codecs). By keeping a
list of known assemblies (names) this gives us a known, full path to
every platform assemblies (easy and safer to check). This also removes
part of ML dependence on the GAC.
* long term (GAC)
Make sure the GAC cannot be indirectly used by the plugin.
More information about the Moonlight-list