Is it possible to sign an MSBuild file?

Question

I've been running into the MSBuild SafeImports registry hack problem. We can't import a targets file without adding its path to the registry, otherwise Visual Studio pops up a security dialog asking for confirmation to load it.

I saw a feature request about this filed at MS Connect in 2005. An MS person replied saying that they were planning on adding the ability to sign targets files, so that you wouldn't have to add each one to the registry, every time you did a branch or created a new source control client.

Has this been implemented or are there any other alternatives to the registry hack? Perhaps in 2010? As of VS2008 it appears that MS is still populating MSBuild/SafeImports with all their own targets, so I'm guessing it's not in there yet.

Answer 1

I believe the SafeImports mechanism and that dialog have been removed in VS2010 (don't have time to try it right now on the Beta); I believe a new security mechanism just checks the trust level of the files themselves (e.g. mark-of-the-web-style, a local filesystem file is likely to be trusted whereas a file off a network share would not be). It would be worth having a look at the 2010 behavior; I think it's an improvement, though I don't recall the details. It's probably unlikely that the 2005/2008 behavior will change.