Florian Hockmann created TINKERPOP-2984: -------------------------------------------
Summary: Replace Moq mocking library in .NET tests Key: TINKERPOP-2984 URL: https://issues.apache.org/jira/browse/TINKERPOP-2984 Project: TinkerPop Issue Type: Improvement Components: dotnet Affects Versions: 3.6.5, 3.5.7, 3.7.0 Reporter: Florian Hockmann Assignee: Florian Hockmann There has been some controversy around the .NET mocking library that we are also using in some of our .NET unit tests: Moq. In short, a project called "SponsorLink" has been added as a DLL to the NuGet package which sends a hash of the email address of the developer building the project (meaning our unit test projects) to their server. The email address is obtained from the git config. This was done to check whether the developer is already sponsoring the Moq project and nag them otherwise to become a sponsor. This is of course a privacy issue and probably in violation of the GDPR. [This article|https://www.bleepingcomputer.com/news/security/popular-open-source-project-moq-criticized-for-quietly-collecting-data/] contains a longer explanation. While SponsorLink has already been removed again, the main author stated the intent to bring it back at a later point after finding another way without needing to send hashed email addresses. So, I think we should better switch to a different mocking library, especially since the introduction of SponsorLink was done without much (/any?) advance notification or warning. We have by the way not been affected by this as we haven't updated Moq in our repository to a version that included SponsorLink. I suggest that we migrate to [NSubstitute|https://nsubstitute.github.io/] which is another big mocking library with an even easier to use API (at least in my opinion) and very similar capabilities. -- This message was sent by Atlassian Jira (v8.20.10#820010)