It's not entirely useless, since it's still convenient for private artifacts, but it's extremely limiting, for sure.
This mandatory authentication is quite strange decision for public NuGet packages. How it's supposed to work for big decentralized team?
So I want to start using a package from github. And I don't want to send everyone instructions how to make solution build after it. I can add repository in nuget.config to avoid everyone in team to add github source. What should I use for credentials here - seems keep it empty? But then what? Everyone in team have to create github account and do authentication? So it looks like it's usable only for personal projects.
They'd not only have to use a personal access token, but one that is scoped with "read:packages" on your repo, and SSO enabled, if applicable, so it's not just a matter convenience. I agree that it's very unfortunate.
Any news on this matter, considering the fact NPM was just bought by Microsoft (Github)?
Auth for public packages is an absolute no-go and must be resolved asap.