Time for a .NET GAC Certification process?

I understand the concept behind the GAC (Global Assembly Cache).
In theory, I agree with it. However, as we all know how
developers love to show how smart they are, it is just begging to be
misused.

At my current project, we are running into all sorts of problems with
version numbers, assemblies, and the GAC. The reasoning behind
using the GAC goes like this:

  1. My company has a large number of projects
  2. A lot of code can be reused.
  3. So, let’s put the common code in the GAC.

Like I said, in theory, I understand this. I just don’t think
most companies 1) have the mature build and deployment process to
manage this well and 2) actually have code that’s SO common that it
belongs in the GAC. Aside from .NET Assemblies that are required
by MS to be in the GAC (COM+ components being the most common), I
have yet to hear someone make a compelling case as to why their code
needs to be in the GAC. Putting common code in the GAC without a very
mature build and release process can really cause a lot of headaches.

The biggest problem is that different teams have different release
cycles. If one team uses v1.0.0.1 of assembly foo, and that’s in
the GAC, and another team needs to use the latest and greatest version of
foo, v1.0.0.2, what happens to the first team? Do you make them
upgrade? What happens to the old versions in the GAC? Does
anyone go back and clean them up?

Of course, these problems are nothing new to OOP / Component
platforms. Many, if not all, companies have to deal with these
types of problems.

Should MS make access to the GAC more strict? Perhaps an
‘Assembly Certification’ process, similar to how MS has a certification
process for its hardware drivers. That way, nothing goes into the
GAC without being certified. The certification process could produce
a special public / private key combo. Of course you could turn
this certification on and off, depending on the use of the machine
(production vs. dev). This would ensure that someone doesn’t come
along and start installing things into the GAC on a shared
server. The only tricky part would be coming up with the criteria
for certification.

I know it’s not a 100% solution to the versioning problems described
above, but I think it would be a step in the right direction.
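
An audit along the lines of the two questions above (which old versions are still sitting in the GAC, and who put them there), as an added example that is not part of the original post. It assumes the on-disk GAC directory naming of `<version>_<culture>_<publicKeyToken>`, and it uses an allowlist of strong-name public key tokens as a stand-in for the proposed certification; the paths, tokens and the `audit_gac` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# GAC directory layouts (all sample paths below are constructed data):
#   .NET 4+ : ...\assembly\GAC_<arch>\<name>\v4.0_<version>_<culture>_<token>\
#   .NET 2/3: ...\assembly\GAC_<arch>\<name>\<version>_<culture>_<token>\
GAC_ENTRY = re.compile(
    r"\\GAC_(?:MSIL|32|64)\\(?P<name>[^\\]+)\\"
    r"(?:v\d+\.\d+_)?(?P<version>\d+(?:\.\d+){3})_[^_\\]*_(?P<token>[0-9a-f]{16})\\",
    re.IGNORECASE,
)

def audit_gac(paths, approved_tokens):
    """Return (side_by_side, unapproved) for a list of GAC file paths.

    side_by_side: {(name, token): [versions...]} for identities that have
                  more than one version installed next to each other.
    unapproved:   sorted (name, token) pairs whose public key token is not
                  on the allowlist (hypothetical stand-in for "certified").
    """
    versions = defaultdict(set)
    for path in paths:
        m = GAC_ENTRY.search(path)
        if m is None:
            continue  # not a GAC assembly directory
        identity = (m["name"], m["token"].lower())
        # Store versions as integer tuples so 1.0.0.10 sorts after 1.0.0.2.
        versions[identity].add(tuple(int(p) for p in m["version"].split(".")))
    side_by_side = {
        identity: [".".join(map(str, v)) for v in sorted(found)]
        for identity, found in versions.items()
        if len(found) > 1
    }
    unapproved = sorted(i for i in versions if i[1] not in approved_tokens)
    return side_by_side, unapproved

# Constructed sample: two versions of foo from an approved signer,
# plus one assembly signed with a key nobody approved.
SAMPLE_PATHS = [
    r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\foo\v4.0_1.0.0.1__0123456789abcdef\foo.dll",
    r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\foo\v4.0_1.0.0.2__0123456789abcdef\foo.dll",
    r"C:\Windows\assembly\GAC_MSIL\bar\2.0.0.0__fedcba9876543210\bar.dll",
]
APPROVED_TOKENS = {"0123456789abcdef"}

if __name__ == "__main__":
    stale, unknown = audit_gac(SAMPLE_PATHS, APPROVED_TOKENS)
    print("side-by-side versions:", stale)
    print("unapproved signers:", unknown)
```

On a real machine the path list would come from walking `%windir%\Microsoft.NET\assembly` and `%windir%\assembly`; running the audit on a schedule gives a shared server the "who installed this, and is the old version still needed" record the post asks about.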