Windows Package Manager stumbles at the first hurdle
The automated packaging process exposed the Windows Package Manager to all kinds of abuse
Microsoft was forced to put a stop to automatic submissions to the repository of the new Windows 10 package manager after witnessing a spike in bad and duplicate submissions.
The command-line Windows Package Manager, also known as Winget, has been available in early access for some time, but Microsoft shipped its milestone 1.0 release at last week’s Build 2021 event.
Package managers, a staple of the Linux desktop, have existed on Windows in the form of third-party options such as Chocolatey. However, Microsoft has now built the functionality into the operating system itself, citing developer use-cases.
At the event, Microsoft’s senior program manager Demitrius Nelon had highlighted the ease with which new packages can be submitted to Winget’s repository, with the help of a tool called the Windows Package Manager Manifest Creator.
Taking charge
Windows enthusiasts were quick to capitalize on the tool’s ease of use to submit all kinds of packages to the repository, resulting in several duplicate ones, as well as many that weren’t properly manifested.
Some users also highlighted other shortcomings of the automated submission process. One suggested that the lack of manual screening could allow mischievous users to sneak in a package claiming to install one package, while it actually installed something else.
This forced Microsoft to take charge of the automated submission process and introduce manual human moderation to check each and every submission.
“Windows Package Manager team administrators will begin manually reviewing submissions to reduce the number of duplicate submissions, and manifests with sub-optimal metadata. We have also implemented moderation to help maintain the quality of the community catalog,” said Nelon on GitHub while introducing the change in the package submission process.
Via The Register
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.