UI and functionality for translated "Authored by" is confusing or broken

Problem/Motivation

This is a follow up to an issue reported to the Drupal Security Team, but it's been decided this can be dealt with in a public issue.

Core's Content Translation module allows for the "Authored by" field to be translatable for a given content type (see this blog post by Gábor Hojtsy which is a few years old but still seems to reflect the current state of this functionality).

However, whether "Authored by" is set to be translatable or not, and whether the "Hide non translatable fields on translation forms" option is selected or not, it seems that the "Authored by" field always appears in the node edit/translation form and it seems like users can change the value (including the autocomplete functionality which looks up users and adds their uid to the input). Changing this value in the edit/translate form doesn't actually seem to change the value which is displayed in the "Submitted by" field when viewing the translation of the node as far as I can see, which seems quite confusing.

The "Submitted by" field displayed when viewing a node does reflect the (original?) author of the translation if "Authored by" is set to be translatable for that content type, but even in that case changing the value in the edit/translation form doesn't seem to change the user shown as having "Submitted" the translation.

This is all quite confusing for the user(s).

Steps to reproduce

• Enable Content Translation and dependencies on a blank D8 site.
• Add a 2nd language (e.g. French), leave English as the default.
• Edit content language settings (/admin/config/regional/content-language) for a content type (e.g. Article) and make "Authored by" translatable.
• Add three test users (foo, bar, baz) with no special roles.
  • for u in foo bar baz; do drush ucrt $u ; done
• Grant authenticated users permissions to Article: Create new content, Create translations, Edit translations, Translate Article content.
• As foo create a new article with some basic content in English.
• As bar translate the article into French.
• As baz observe the "Submitted by" value on the article and its translation (bar submitted it).
• As bar edit the translation of the article, and try to change the "Authored by" value to one of the other users (e.g. foo).
• As baz observe the "Submitted by" value on the article and its translation (should be foo).
• Edit the content language settings again and disable the translatable option for "Authored by" on the content type.
• Repeat the create / translate / edit steps above as the different users.
• Edit the content language settings again and enable the "Hide non translatable fields on translation forms" option.
• Observe that all of the users can still see and edit the "Authored by" field when editing translations.

Other variations on these steps include changing the "Authored by" on a translation when that field is set as translatable, but as a user other than the original author and translator. This doesn't seem to do anything. I think we've enumerated enough steps and combinations to make the point now though.

Proposed resolution

If the value cannot be changed, the field shouldn't appear in the form. If it should be possible to change the value, doing so in the edit form should be reflected in the values displayed when viewing the translation.

Remaining tasks

• Identify whether one or more bugs are causing the apparently confusing UI.
• Fix those bugs.

User interface changes

TBC

API changes

TBC

Data model changes

TBC

Release notes snippet

TBC