__TL;DR: Get rid of "Authors" and show "Owners" instead.__
Currently when I scroll through packages in Visual Studio, there is a "Created by" field in the right panel. On first glance it seems to be the package publisher, but it is actually the author of the contents, _as set by the package publisher_. Some people set it to "Microsoft" for things like WindowsAPICodePack and to "JetBrains" for ReSharper annotations.
Given that anyone can set this to anything (correct me if I am wrong), this is in best case misleading, and in worst case dangerous.
Misleading because the level of quality I expect from Microsoft release is pretty high, and a sloppy package (even if all dlls are from MS, it can be missing some, have wrong platforms, etc) can decrease my opinion of the company (unless I go and check the uploader in web).
Dangerous because anyone can put in a malicious package "created by Microsoft", which will give false confidence to people. Such package can even contain MS dlls, but with some IL rewriting in certain places (does anyone check public tokens?).
The minimal fix would be to show the publisher in VS UI as well, and maybe highlight the cases when it is different from the author.
Sorry if this topic was already discussed, I did not find good keywords to search for.
Currently when I scroll through packages in Visual Studio, there is a "Created by" field in the right panel. On first glance it seems to be the package publisher, but it is actually the author of the contents, _as set by the package publisher_. Some people set it to "Microsoft" for things like WindowsAPICodePack and to "JetBrains" for ReSharper annotations.
Given that anyone can set this to anything (correct me if I am wrong), this is in best case misleading, and in worst case dangerous.
Misleading because the level of quality I expect from Microsoft release is pretty high, and a sloppy package (even if all dlls are from MS, it can be missing some, have wrong platforms, etc) can decrease my opinion of the company (unless I go and check the uploader in web).
Dangerous because anyone can put in a malicious package "created by Microsoft", which will give false confidence to people. Such package can even contain MS dlls, but with some IL rewriting in certain places (does anyone check public tokens?).
The minimal fix would be to show the publisher in VS UI as well, and maybe highlight the cases when it is different from the author.
Sorry if this topic was already discussed, I did not find good keywords to search for.