Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[FEATURE REQ] Add disclosure to package(s)

See original GitHub issue

Library name

Azure.Core and Azure.Identity

Please describe the feature.

Hi,

Currently the Azure.Core and Azure.Identity package are flagged by Google Ads due to lacking a disclosure. Would it be possible to get a disclosure added to the listed packages? I am using these packages in a Blazor WASM app and trying to get google to approve our ads on the site and one of the final hurdles are proper software disclosure on all .dll that the client downloads.

I have done the experimental bundling package provided as a solution to this but I still think adding disclosures is good for a couple of reasons. One reason being that the bundler process is experimental and not fully supported. Another being that the build times with bundler process is quite large.

From what I can tell the following would help (not sure if everything is necessary)

License file (needs to also be moved into each packaged project)
In the .csproj of the package there are some properties that can be added

<PackageLicenseFile>LICENSE</PackageLicenseFile>
<Company>Microsoft</Company>
<Version>x.x.x</Version> 
<PackageIcon>someicon.png</PackageIcon>
<Authors> Whomever</Authors>
<Copyright>Copyright 2021 Microsoft</Copyright>
<PackageTags>Azure, .Net, ETC, ETC</PackageTags>
<Description>Some description</Description>
<RepositoryUrl>https://github.com/Azure/azure-sdk-for-net/</RepositoryUrl>
<RepositoryType>git</RepositoryType>

Contributing.Md
CODE_OF_CONDUCT.md
CHANGELOG.md

Thanks

Issue Analytics

State:
Created 2 years ago
Comments:9 (4 by maintainers)

Top GitHub Comments

1reaction

weshaggardcommented, Dec 10, 2021

This is the our current nuspec for Azure.Core (and should be the same for all our packages):

<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>Azure.Core</id>
    <version>1.21.0</version>
    <authors>Microsoft</authors>
    <requireLicenseAcceptance>true</requireLicenseAcceptance>
    <license type="expression">MIT</license>
    <licenseUrl>https://licenses.nuget.org/MIT</licenseUrl>
    <icon>pkgicon.png</icon>
    <projectUrl>https://github.com/Azure/azure-sdk-for-net/blob/Azure.Core_1.21.0/sdk/core/Azure.Core/README.md</projectUrl>
    <description>This is the implementation of the Azure Client Pipeline</description>
    <releaseNotes>https://github.com/Azure/azure-sdk-for-net/blob/Azure.Core_1.21.0/sdk/core/Azure.Core/CHANGELOG.md</releaseNotes>
    <copyright>© Microsoft Corporation. All rights reserved.</copyright>
    <tags>Microsoft Azure Client Pipeline</tags>
    <readme>README.md</readme>
    <repository type="git" url="https://github.com/Azure/azure-sdk-for-net" commit="41707fcdb76dd4f802eb0ced18a0dd9c6250b0e6" />
    <dependencies>
      <group targetFramework=".NETFramework4.6.1">
        <dependency id="Microsoft.Bcl.AsyncInterfaces" version="1.0.0" exclude="Build,Analyzers" />
        <dependency id="System.Diagnostics.DiagnosticSource" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Memory.Data" version="1.0.2" exclude="Build,Analyzers" />
        <dependency id="System.Numerics.Vectors" version="4.5.0" exclude="Build,Analyzers" />
        <dependency id="System.Text.Encodings.Web" version="4.7.2" exclude="Build,Analyzers" />
        <dependency id="System.Text.Json" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Threading.Tasks.Extensions" version="4.5.4" exclude="Build,Analyzers" />
      </group>
      <group targetFramework=".NETCoreApp2.1">
        <dependency id="Microsoft.Bcl.AsyncInterfaces" version="1.0.0" exclude="Build,Analyzers" />
        <dependency id="System.Diagnostics.DiagnosticSource" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Memory.Data" version="1.0.2" exclude="Build,Analyzers" />
        <dependency id="System.Numerics.Vectors" version="4.5.0" exclude="Build,Analyzers" />
        <dependency id="System.Text.Encodings.Web" version="4.7.2" exclude="Build,Analyzers" />
        <dependency id="System.Text.Json" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Threading.Tasks.Extensions" version="4.5.4" exclude="Build,Analyzers" />
      </group>
      <group targetFramework="net5.0">
        <dependency id="Microsoft.Bcl.AsyncInterfaces" version="1.0.0" exclude="Build,Analyzers" />
        <dependency id="System.Diagnostics.DiagnosticSource" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Memory.Data" version="1.0.2" exclude="Build,Analyzers" />
        <dependency id="System.Numerics.Vectors" version="4.5.0" exclude="Build,Analyzers" />
        <dependency id="System.Text.Encodings.Web" version="4.7.2" exclude="Build,Analyzers" />
        <dependency id="System.Text.Json" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Threading.Tasks.Extensions" version="4.5.4" exclude="Build,Analyzers" />
      </group>
      <group targetFramework=".NETStandard2.0">
        <dependency id="Microsoft.Bcl.AsyncInterfaces" version="1.0.0" exclude="Build,Analyzers" />
        <dependency id="System.Diagnostics.DiagnosticSource" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Memory.Data" version="1.0.2" exclude="Build,Analyzers" />
        <dependency id="System.Numerics.Vectors" version="4.5.0" exclude="Build,Analyzers" />
        <dependency id="System.Text.Encodings.Web" version="4.7.2" exclude="Build,Analyzers" />
        <dependency id="System.Text.Json" version="4.6.0" exclude="Build,Analyzers" />
        <dependency id="System.Threading.Tasks.Extensions" version="4.5.4" exclude="Build,Analyzers" />
      </group>
    </dependencies>
  </metadata>
</package>

I believe we are doing everything we should for disclosure and at this point I’m not sure what else is missing. Perhaps you can follow-up more internally to figure out exactly what is missing as I don’t want to just make random changes that may or may not help you get these accepted.

1reaction

jsquirecommented, Dec 10, 2021

Thank you for your feedback. Tagging and routing to the team member best able to assist.

Top Results From Across the Web

Use of the REQUEST_INSTALL_PACKAGES permission

To use this permission, your app's core functionality must include: Sending or receiving app packages, AND; Enabling user-initiated installation of app ...

Declare package visibility needs

If you develop an Android library, you can declare your package visibility needs by adding a <queries> element in your AAR manifest file....

Best practices for prominent disclosure and consent

This article describes the best practices for providing prominent disclosure and consent requests to your app's users.

Package visibility filtering on Android

Package visibility filtering on Android. bookmark_border. Stay organized with collections Save and categorize content based on your preferences. Dismiss

Vulnerability Management New QID Feature Request ...

This document details the Qualys Threat Research Unit (TRU) business process for triage and prioritization of incoming vulnerability detection signature ...