Warn if a build is using a package with a bug

[JohnTortugo]

I have seen more than once a repo/branch using an old version of Arcade SDK, SignTool, other packages that have bugs that we have already fixed. This have happened for a few reasons: people hardcode versions in Versions.props, we had some values hardcoded in DefaultVersion.props, etc.

I think it would be great if our build system had a way to warn (fail) a build that is trying to use a package that has a known bug.

@chcosta @mmitche @tmat @markwilkie

[markwilkie]

Maybe put this behind a config of some sort so repo owners can choose to fail or not....

[JohnTortugo]

What I think is: using a buggy package might lead to the build failing (best case) or the build succeed but nobody notice that behind the scenes something wrong happened.

[Chrisboh]

Do we have a way today to identify a package that would be considered buggy and should not be used?

[JohnTortugo]

I don't think so. At first I think we could modify BAR to store this information and Maestro API to be able to query it. We could store for instance, PackageName and range of known buggy version. Clients would then use the API check if the package getting restored is within any of the recorded ranges.