I think it is important to provide signed versions of the Composite WPF/Silverlight assemblies. This has been brought up before, and the answer was always "Just compile and sign the source code".
The problem is for library vendors that want to provide extensions for Composite WPF. For example, I'm building an open source library that helps with using Composite WPF. If I want to sign my library, I have to download, compile and sign the Composite WPF
library too. But that means anyone consuming my library will have to use my special version of the signed Composite WPF assemblies.
Now imagine that two open source libraries provide signed versions of the Composite WPF assemblies. The two libraries would be incompatible with each other simply because they would need different public keys. The user ends up having to recompile the universe
just because there's no strong name.
While it's nice to think users will just download composite WPF source code and learn from it without using it, I think that's quite rare. Would it be possible to ship signed assemblies? You can still ship the source code without the strong name key, so
any locally-compiled code would not be signed.