-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSI Bundle generator should honor msbuild Authors
property when setting the authors value of the resulting msi file.
#8260
Comments
The fields are backed by variables, e.g.
But the definitions like
should probably be using To be fair, I have seen external requests come in before from developers wanting to leverage parts of Arcade. While Arcade is open, I'm not sure that its original goal was to create a generic build system. There are many parts of Arcade that integrated with non-open software like Visual Studio. and would be of little value to external developers for now. I'd like for @mmitche or @markwilkie to weigh in here. |
That also depends on what those external developers are making as well. Some people want to make their own .NET Runtimes (and crossgen2 specific things to make them faster) and possibly Integrate them into Visual Studio with an separate integration package. As such even those developers would get upset if arcade stamps their packages with Another example I would use would also be Paint.NET knowing that (assuming rick wanted to reduce the need to force the program to be SCD and do this to make it FDD):
All of those would generally be solved with shipping those public apis as a runtime msi package (that can be installed in their DOTNET_ROOT and is crossgen2'd). This would solve this because now then none of the public api binaries would get copied on build unless they publish the plugins as self contained). |
I'm fine with allowing these to be properly overridden. |
Sounds good - I'm fine w/ this change too. Is the idea for you to put up a PR @AraHaan ? (please note that most of us are about to be out until the new year) |
I made the PR as draft until I can check if there are no tests for the Installers package (As I am unsure about that one). |
The change works, just for some reason it seems that when using the msi's from this change to produce an exe bundle, it then still has the issue of setting the copyright on it to |
@mmitche, @markwilkie should the PR be good to merge for now and then look into the exe bundle issue later that I posted above when there is more time after the new year? |
Okay. Let's have @joeloff take a quick look and then it should be good to merge. |
Thanks @AraHaan ! |
Welp turns out my changes also magically applies to exe bundle installers so all seems to be good on that part. My only issue now is with the part where I cannot force it to use a different installer background image on Windows. |
You'd at least need to override this, but there's probably more things that need to be customized, e.g. the theme files are very much geared for .NET, as are some messages that have been added in the .wxl files. |
Yep, there would need to be quite a bit of changes. |
Is this still something you'd like to continue working on @AraHaan ? |
yes, I even commented on the PR. |
For starters, let's say for example an .NET Foundation project uses the arcade to produce Runtime and Reference msi bundles. The resulting bundles incorrectly state
Authors: Microsoft Corporation
instead ofAuthors: .NET Foundation
for example (in case the user set the msbuild property namedAuthors
to.NET Foundation
(which I think some people do). However there is also 3rd parties who use the arcade to produce msi's and while it might be ok for thinks to hardcode it toMicrosoft Corporation
I do not think it is a good idea to hard code it as when 3rd parties use arcade to produce said msi installers, users who do not know who actually made said bundles might incorrectly assume Microsoft made them and that they are "safe" to install.This is why I find this an issue as well, anyone can add the arcade feeds into their nuget feeds and use the arcade packages to produce installers for their 3rd party code with ease. Due to that, it is never really a good idea to hard code this to begin with. This is both an issue of Trust for end users (as they would think that Microsoft made it and that it is free from malicious code (which might not always be the case)), as well as an issue where Microsoft incorrectly gets credit for things they did not make / fully own (as far as I am aware of).
The text was updated successfully, but these errors were encountered: