Apache log4net Strong Name Key Readme
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The log4net release builds are strongly named using the log4net.snk key 
file.  This key is different from the key used to sign log4net 1.2.10
and earlier releases.

Starting with log4net 1.2.11 we've decided to use a key that we don't
keep secret so you can build a drop-in replacement for an official
release yourself.  This means that the strong name of a log4net
assembly no longer provides any means of checking its authenticity.
The only way to ensure you are using an official release by the Apache
Software Foundation is by downloading the distribution from the Apache
log4net download page and verifying the PGP signature of the ZIP
archive.

The key used to sign those older releases is not and has never been
distributed as part of the log4net source or binary downloads.

In order to make it easier to migrate from log4net 1.2.10 to newer
releases log4net 1.2.11 we also provide builds using the key used to
sign 1.2.10.  We may stop distributing these alternative builds in the
future.

You should use the binary builds signed with log4net.snk for new
projects and only use the ones signed with "the old key" if switching
to the newer builds is not possible because other parts of your
project depend on the old strong name.