Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[Feature]: Add More Granular Abuse Report Categories for NuGet Packages #10233

Open
JonDouglas opened this issue Oct 20, 2024 · 2 comments
Open

Comments

@JonDouglas
Copy link
Contributor

Related Problem

No response

The Elevator Pitch

Context

During a discussion with Microsoft Legal, we explored the idea of NuGet adopting a more transparent DMCA takedown process similar to GitHub's (GitHub DMCA repository). This would allow NuGet to provide greater visibility into DMCA complaints and improve transparency within the .NET OSS ecosystem.

Proposal

In addition to implementing a transparent DMCA process, it would be beneficial to improve the granularity of abuse reporting categories for NuGet packages. The current reporting categories, such as those shown in NuGet's reporting system (e.g., copyright infringement, malicious code, hate speech), are broad but could benefit from additional specificity to address issues commonly faced by the community when they don't "trust" a package.

Suggested Report Categories:

To further support transparency and trust within the ecosystem, consider adding additional categories like:

  • Impersonation or misleading information – For packages that mislead users about their origin or author.
  • Dependency hijacking/typosquatting – For packages mimicking trusted libraries to exploit users.
  • License violations – For misuse of open-source licenses.
  • Abandonware/Outdated package – For packages that have been abandoned by the maintainer and could pose trust or functionality issues.

Benefits

By expanding these categories and adopting a transparent DMCA reporting process, NuGet can better support users in maintaining trust within the ecosystem. The additional abuse categories would allow users to more accurately describe their concerns and help the platform address issues more effectively, enhancing overall package reliability and security.

One such thought is enough reports by the community for impersonation, hijacking, license violations, etc would have NuGet being able to take more proactive action while DMCA processes are figured out in parallel due to community concern and NuGet's current ToS.

Additional Context and Details

No response

@erdembayar
Copy link
Contributor

^ @drewgillies

@drewgillies
Copy link
Contributor

@erdembayar I've removed the customer issue label as we don't wish to track this as an issue raised by a customer. We can discuss if necessary.

# for free to join this conversation on GitHub. Already have an account? # to comment
Projects
None yet
Development

No branches or pull requests

3 participants