Alan has a great discussion on assembly binding policies here (http://blogs.gotdotnet.com/alanshi/commentview.aspx/d4edb084-c625-4b6e-8e5c-7c2580cfcee9). I'll just talk about publish policy here.
MSDN documents how to create a publisher policy here (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconcreatingpublisherpolicyfile.asp).
Publisher Policy is carried with a Publisher Policy Assembly. The publisher policy assembly has to be installed into GAC to be visible. The publisher policy assembly's name must follow the rule: Policy.[MajorVersion].[MinorVersion].[AsmName].dll, where AsmName is the assembly your publisher policy intends to affect, and MajorVersion/MinorVersion are the version of the assembly. The publisher policy assembly has to be signed with same key that you use to sign your assembly.
Publisher Policy Assembly can have its own version independent of the original assembly. Say I have an assembly “MyAsm, version=18.104.22.168, culture=neutral, PublicKeyToken=0123456789abcdef”, my publisher policy assembly for it will have to be called Policy.1.0.MyAsm, but I can give it any version number, say 123.456.789.0. So my publisher policy assembly's full name will be “Policy.1.0.MyAsm, version=123.456.789.0, culture=neutral, PublicKeyToken=0123456789abcdef”.
If there are multiple publish policy assemblies installed for the original assembly, at runtime, we will pick up the one with the highest version number. Continue with our example above. If I installed both “Policy.1.0.MyAsm, version=22.214.171.124,...” and “Policy.1.0.MyAsm, version=123.456.789.0,...”, since the second one's version number is higher than the first one, we will pick up the second one.