Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Epic] Package Quality/Trust #12504

Open
albarry4 opened this issue Mar 24, 2023 · 0 comments
Open

[Epic] Package Quality/Trust #12504

albarry4 opened this issue Mar 24, 2023 · 0 comments
Assignees
@albarry4
Labels
Epic Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. Type:Tracking This issue is tracking the completion of other related issues.

Comments

@albarry4
Copy link
Contributor

albarry4 commented Mar 24, 2023
edited by JonDouglas
Loading

Although package quality is a somewhat subjective idea, we have seen a few important commonalities across our customer base as far as aspects of a package that help to determine its quality.

This epic tracks the work to improve the quality and quality-related requirements of packages in the NuGet ecosystem. Through customer development, we determined some key common themes:

  1. Community -- Our customers often leverage other external resources to find out a variety of different information about NuGet packages, most notably being opinions/experiences with a certain package from the larger developer community. We heard a strong desire from our customers for more of these capabilities to be built into NuGet itself.
  2. Security and Legality -- SBOMS and licensing were key components for money of our customers in determining the quality of a package. We heard a desire for this information to be made more available, and more easily discoverable.
  3. Maintenance -- How well/frequently a package is maintained was an important indicator of package quality for many customers. Again, we heard a desire for this information to be made more easily discoverable within NuGet.
  4. Tooling -- Many customers expressed frustrations with limitations in NuGet tooling that inhibited them from determining the quality of a package easily. An example of a tooling limitation is limited search functionality and limited documentation.

Affordances of trust 🤝

Verification of package owners ✅

Please 👍 or 👎 this comment to help us with the direction of this epic & leave as much feedback/questions/concerns as you'd like on this issue itself and we will get back to you shortly.

Further tracking issues will be created shortly as requirements are gathered and planned.
@albarry4 albarry4 added the Epic label Mar 24, 2023
@albarry4 albarry4 self-assigned this Mar 24, 2023
@nkolev92 nkolev92 added Type:Tracking This issue is tracking the completion of other related issues. Priority:2 Issues for the current backlog. Pipeline:Icebox and removed Priority:2 Issues for the current backlog. labels Mar 27, 2023
@JonDouglas JonDouglas mentioned this issue Jan 9, 2024
Open
8 tasks
@jeffkl jeffkl added Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. and removed Pipeline:Icebox labels Apr 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@albarry4 albarry4

Labels
Epic Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. Type:Tracking This issue is tracking the completion of other related issues.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nkolev92 @jeffkl @albarry4