CPMR0076 - Raw GitHub Icon URL Is Used (nuspec)
CPMR0076 - Raw GitHub Icon URL Is Used (nuspec)
WARNING
This rule has been marked as a Requirement.
Requirements represent the minimum quality of a package that is acceptable. When a package version has failed requirements, the package version requires fixing and/or response by the maintainer. Provided a Requirement has flagged correctly, it must be fixed before the package version can be approved. The exact same version should be uploaded during moderation review.
WARNING
This rule has not been implemented in Package Validator, and is only available in the Chocolatey Community Validation extension.
Once it has been implemented in Package Validator, the severity or behavior may be changed in the Chocolatey Community Validation extension.
Issue
In the nuspec, the Icon URL has been specified as coming from GitHub or RawGit.
Recommended Solution
Please update the Icon URL to use an Icon that is coming from a proper CDN instead of GitHub or RawGit. There are CDN providers for GitHub links that can be used, like JSDelivr and Statically.
Reasoning
GitHub has made it clear that hotlinking to raw files on GitHub should be avoided, as these are not static assets, and RawGit has shut down. See the GitHub Blog for more information.