Currently, the leak detection infrastructure only poisons the previously-source-built nupkgs. We've talked with the runtime team and we also shouldn't ever be shipping reference assemblies - we can augment the poison reporting to detect these to help with this goal:
- MarkAndCatalog task should include the ref packages to record the hashes of those assemblies as well.
- CheckForPoison should include a new
PoisonType, ReferenceAttribute or similar, that checks for the ReferenceAssembly attribute on shipped assemblies.
Currently, the leak detection infrastructure only poisons the previously-source-built nupkgs. We've talked with the runtime team and we also shouldn't ever be shipping reference assemblies - we can augment the poison reporting to detect these to help with this goal:
PoisonType,ReferenceAttributeor similar, that checks for theReferenceAssemblyattribute on shipped assemblies.