Pin to a stable pe-parse version

trailofbits / uthenticode

A cross-platform library for verifying Authenticode signatures

https://trailofbits.github.io/uthenticode/

MIT License

136 stars 33 forks source link

Pin to a stable pe-parse version #12

Closed woodruffw closed 4 years ago

woodruffw commented 4 years ago

We should build against a stable pe-parse release, and reconfigure dependabot to bump the submodule on tags only.

woodruffw commented 4 years ago

This isn't possible with dependabot at the moment (https://github.com/dependabot/dependabot-core/issues/1639), so we should use CMake's ExternalProject to handle this instead.

woodruffw commented 4 years ago

Alternatively, we could look into packaging pe-parse using conan or vcpkg. These might be preferable, since they'd be reusable/consumable by third parties as well.

woodruffw commented 4 years ago

Update: vcpkg support is in progress: microsoft/vcpkg#11012.