Open
Description
dotnet/extensions#2744 details a break that occurred when dotnet core 3.1.0 shipped yesterday. Some packages had added embedded icons...but had two entries.
This item covers a new validation rule - "catch the duplicate zip item' problem. (note, pay attention to encoding too... "foo bar" and "foo%20bar" as item names get extracted to the same file. How should we treat that?
It also needs several places to run... sketch of plan is below:
They use some components of the dotnet pack
codepath, but avoided a validation that our pack code already does.
As part of our PackageQuality epic that is coming up soon on our backlog, we have plans to:
- have a set of concrete guidelines for package quality.
- increase validations at
dotnet pack
time - add a new entry point to CLI to allow people who custom pack packages to get most of our validation rules run -
nuget verify -all foo.nupkg
- do more validations on the server when nuget.org gets packages submitted
- nuget.org and vs package manager UI would show a grade (or similar) to show how great (or not) a package is.