Devlooped.SponsorLink must not perform I/O outside of compiler APIs #10
Comments
kzu
added
wontfix
|
SponsorLink is not using any undocumented APIs. Moreover, it makes every effort to only do I/O in the context of a full IDE-only build (so, no CLI or design-time builds). For its purposes, there is just no other way to do what it does. If there is a particular performance issue you're seeing, I'd be happy to investigate. But as a generic blank request, this isn't actionable on my side. Thanks for taking a look at this though! |
|
@kzu u should lock this |
|
@kzu Why was this issue closed? |
Because he wants to keep running his spyware. |
|
@kzu I think you shouldn't ignore @sharwell's remark. Your package could be banned from NuGet for not respecting the analyzer contract.
I think there is. The SponsorLink Github app could generate a file with details about the sponsorship, and sign the file using a private key. This file would be added to the repo, and included in the project via Pros:
Cons:
I don't know enough about this project to figure out all the details, but I think it's an approach worth considering. To be clear, I'm still not sold on the whole SponsorLink approach, but I think that if it:
there would probably be much less opposition to it (of course, now that the damage is done, it might already be too late to change people's minds...) |
|
Great suggestions! They are in line with #31. I like the idea of the analyzer getting the file vía AdditionalFiles 👌 |
The Roslyn analyzer contract does not allow for analyzer I/O outside of the constructs provided by the APIs (e.g. using
AdditionalFilesto pass external data to an analyzer). Analyzers should not side-step these mechanisms, either through direct file I/O or through web invocations.The text was updated successfully, but these errors were encountered: