Researching the idea I wrote about in the last post about having ClickOnce make sure the System Admin Tool and the Installer are up-to-date - a sort of prepatch - I came across the article “Choosing Between ClickOnce and Windows Installer” where in Michael Sanford suggests using both.

I can see how it might be handy to have your install package just lay down a link to the ClickOnce app but I can see how you’ll have more to worry about. What if the “application” includes assemblies that need to be GAC’d or (in the case of my MMC 3.0 assembly) needs to have InstallUtil run against it. Or if it’s a service that needs to be registered.

The other thing I’m concerned about is this post which seems to indicate that we’ll have spring for an Authenticode cert. We already have a VeriSign cert. This is an old blog post so I’ll need to sift through the docs for resolutions or solid facts.

*UPDATE*: Reading this article (which talks about signing your application manifest), mentions that you can use “…a ‘real’ publisher certificate (that is, a Verisign one, or one that your development organization uses signed by some other trusted root authority)…” So it appears Verisign is going to work. One problem down.

I think the article does show that ClickOnce is more of tool in the Release Engineers tool box rather than an entire single path solution. And the way I plan to use it will be just to make sure the install media is up-to-date before being run.

More later