Any risk to use VCPKG as trusted static link solution for building Microsoft Product #35604
gaoyangxiaozhu started this conversation in General
Replies: 0 comments
Hey teams,
Security and compliance efforts are Microsoft-wide. So we all know that when building a product solution, Microsoft always needs to make sure the dependencies come from Microsoft trusted sources / services.
Since VCPKG is also a solution provided by a Microsoft team, I want to discuss one question here: we all know VCPKG always fetches source from the repository predefined in each portfile.cmake, which is not a first-party Microsoft source repository. So is it possible to use VCPKG as a static link solution for building Microsoft internal production, or would it break the Microsoft security and compliance policy? In other words, can VCPKG be treated as a trusted source for building Microsoft products, or are there any risks?