-
Notifications
You must be signed in to change notification settings - Fork 258
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature]: Require package source mapping when using CPM #11505
Comments
Will this be MsBuild first so that one could finnaly get rid of |
@tebeco package source mapping currently only works when defined in |
yes my question still stands though. it's really like to avoid relying on a non flexible xml and to msbuild for most of what's possible feed list i don't understand the need of nuget.config being a non standard format (i mean not msbuild compliant). We're recreating the same problem as SLN file but this time it's named nuget.config |
@tebeco I would recommend you open a new feature request to allow package source mapping definitions to come from MSBuild instead of |
I'm curious why CPVM plays into this at all. Shouldn't this warning also be shown if not using CPVM? How does CPVM change the threat model? |
NuGet Product(s) Involved
NuGet.exe, Visual Studio Package Management UI, Visual Studio Package Manager Console, MSBuild.exe, dotnet.exe
The Elevator Pitch
To make NuGet secure by default, there should be an option to required package source mapping when using more than one feed and central package management.
Additional Context and Details
No response
The text was updated successfully, but these errors were encountered: