
hexomancer | 7 months ago

You can view the source code and package the extension yourself if you are worried about that. It is only ~2000 LOC.

It is not easy to get verified in vscode marketplace, even major publishers like Qt organization are not verified much less so a solo open source developer like myself.


aaomidi | 7 months ago

I’m Iranian too and our names get people a lot more concerned.

If your name sounded English the implicit bias would make you sound more trustworthy.

gschizas | 7 months ago

I have high 2 digits of extensions in my VS Code, and yours is the only one that wouldn't have a verified publisher. And I certainly have more than one from solo developers.

Qt organization (because you mentioned it) also has verification. It displays a different message (because I haven't installed anything from them):

> The extension Qt Core is published by Qt Group. This is the first extension you're installing from this publisher.

> Qt Group has verified ownership of qt.io.

> Visual Studio Code has no control over the behavior of third-party extensions, including how they manage your personal data. Proceed only if you trust the publisher.

EDIT: I'm sure there are other extensions that are also by unverified publishers. It was the first time I was hit with that message though.

SketchySeaBeast | 7 months ago

The burden isn't just when I install it, I need to validate every time it's updated as well. But let's be realistic, the fact that I intrinsically trust extensions published by Microsoft isn't any better.

4gotunameagain | 7 months ago

> view the source code and package the extension yourself

The problem is that nobody will do that. Even if it were 500 LOC.

And this is why supply chain attacks are on the rise.

hexomancer | 7 months ago

What are you proposing? Should I not be allowed to develop and publish an extension that I think is useful?

> nobody will do that

"nobody" is a strong word. Yes, most people don't do that, but if a single person reads the source code and finds something nefarious they can report it or leave a review disclosing that and my reputation would be ruined.

hollerith | 7 months ago

> The problem is that nobody will do that. Even if it were 500 LOC.

I do it with the code I download to extend Emacs.