I'm working with you again through email, but I didn't want your forum post to feel neglected
As I've mentioned, the issue with how SmartAssembly handles versioned dependencies is a known bug (SA-31). This bug exists because SmartAssembly unfortunately has no way of knowing what paths were used by the original VS project (as they're not stored in the resulting assembly) and as a result, SA might end up using a different assembly that has a similar name even if it has a different version or is from a different location than the original (in some way though, this is actually a good thing as it would help when users are retargeting assemblies against later .Net versions). Again, I'm very sorry about this and the risk of runtime issues it might cause but at the moment, the only workaround is the MandatoryPath attribute.
However, I have just recalled a bit of a hacky workaround--if SmartAssembly cannot find youre dependencies when it first loads your project, it will prompt you to browse and point to the needed DLL. If you can hide your dependencies (i.e. move them outside of the main assembly's folder), you can then point SmartAssembly to the right DLLs.
Regarding the ability to specify MandatoryPaths from the UI, I'd also created a feature request (with SA-1591), although I do not know any timeline for this at the moment.
Hi Jessica - OK thanks for taking the time to explain this, much appreciated.
My main issue has been resolved now - you may recall we found a simple workaround.
However I am still waiting to hear back from you guys about the versioning problem.
In a nutshell I consider it inexcusable for SA to process a user's assembly and then identify dependencies that have different
versions to those referenced by the original un-obfuscated assembly.
Doing so will very rarely - if ever - result in anything other than serious and bewildering problems.
If I have an assembly A that depends on X v18.104.22.168, Y v22.214.171.124 and Z v 126.96.36.199 then after obfuscation of A I do not expect the obfuscated assembly to refer to other versions of X, Y and Z - yet SA can and does do this without warning.
I understand that SA can't know the locations of the original assemblies dependencies and that it must use some heuristic, but it should INSIST only on assemblies which have the SAME version numbers as those referenced by the original input assembly - if it can't find any then it should INFORM the user and let them choose whether to use this wrong version or browse for an alternative - not silently settle for any old assembly that hapens to have the same name with no regard to its version.
In my view this is a serious bug because we could obfuscate an assembly and ship it and find that at runtime all hell breaks loose because the wrong versions of other assemblies are being picked up.
Please can someone let me know if this is or is not deemed to be a bug because we entrust a great deal to SA.