In the Microsoft.Sbom.Targets NuGet package, the MSBuild properties UnzipGuid, ShortUnzipGuidFolder, and NugetPackageUnzip should preferably be renamed to something that includes "Sbom", to minimise the risk of conflicts with properties used for other purposes.
But I wonder how necessary a random number even is here. Perhaps the value of $(NugetPackageUnzip) could be just something like $(IntermediateOutputPath)sbom.tmp with no randomness at all. That change might make the unzipped files less likely to exceed the Windows PATH_MAX limit, too.
KalleOlaviNiemitalo
commented
2 hours ago
In the Microsoft.Sbom.Targets NuGet package, the MSBuild properties
UnzipGuid,ShortUnzipGuidFolder, andNugetPackageUnzipshould preferably be renamed to something that includes "Sbom", to minimise the risk of conflicts with properties used for other purposes.But I wonder how necessary a random number even is here. Perhaps the value of
$(NugetPackageUnzip)could be just something like$(IntermediateOutputPath)sbom.tmpwith no randomness at all. That change might make the unzipped files less likely to exceed the Windows PATH_MAX limit, too.Originally posted by @KalleOlaviNiemitalo in https://github.com/microsoft/sbom-tool/issues/693#issuecomment-2341843427