balteravishay / scorecard

Security Scorecards - Security health metrics for Open Source
Apache License 2.0

[question] Define ManagePackageVersionsCentrally in other files #10

Closed balteravishay closed 1 month ago

balteravishay commented 1 month ago

When exploring this repo we notice that ManagePackageVersionsCentrally is defined in the Directory.Build.props file instead of in Directory.Packages.props as documented here. Should this be supported/expected behaviour?

JonDouglas commented 1 month ago

This is supported behavior. Really, any .props file is okay by MSBuild, but we encourage people to use the Directory.Packages.props file as more features are detecting that file.

I think we ought to only check for the latter for CPM because we'd want people to move to the proper file rather than the old ways/hacks they are using still.

aortiz-msft commented 1 month ago

> This is supported behavior. Really, any .props file is okay by MSBuild, but we encourage people to use the Directory.Packages.props file as more features are detecting that file.
>
> I think we ought to only check for the latter for CPM because we'd want people to move to the proper file rather than the old ways/hacks they are using still.

+1 to this.
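The distinction discussed in this thread, as an added example that is not Scorecard's own code: a small Go check that reports whether central package management is enabled in Directory.Packages.props or only in some other .props file. The function names `enablesCPM` and `classifyCPM`, the status strings and the sample files are hypothetical; MSBuild `Condition` attributes and imports are not evaluated.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"path"
	"strings"
)

// enablesCPM reports whether MSBuild XML sets ManagePackageVersionsCentrally
// to true. Assumption: Condition attributes and imports are not evaluated.
func enablesCPM(content string) bool {
	dec := xml.NewDecoder(strings.NewReader(content))
	for {
		tok, err := dec.Token()
		if err != nil {
			return false // EOF or malformed XML
		}
		if se, ok := tok.(xml.StartElement); ok && se.Name.Local == "ManagePackageVersionsCentrally" {
			var val string
			if dec.DecodeElement(&val, &se) == nil && strings.EqualFold(strings.TrimSpace(val), "true") {
				return true
			}
		}
	}
}

// classifyCPM maps repo-relative path -> content to a status ("recommended",
// "other-props", "none") and the file that enables CPM.
func classifyCPM(files map[string]string) (status, where string) {
	status = "none"
	for p, c := range files {
		if !strings.HasSuffix(p, ".props") || !enablesCPM(c) {
			continue
		}
		if path.Base(p) == "Directory.Packages.props" {
			return "recommended", p
		}
		status, where = "other-props", p
	}
	return status, where
}

func main() { // constructed sample matching the layout described in the issue
	fmt.Println(classifyCPM(map[string]string{
		"Directory.Build.props":    "<Project><PropertyGroup><ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally></PropertyGroup></Project>",
		"Directory.Packages.props": `<Project><ItemGroup><PackageVersion Include="Example.Package" Version="1.0.0" /></ItemGroup></Project>`,
	}))
}
```

A check that only accepts the "recommended" status follows the preference stated in the replies, while "other-props" identifies repositories that would need to move the property.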