Microsoft is tightening Windows Package Manager (winget) submission rules
Microsoft released the final version of Windows Package Manager just recently. The open source program introduces package management on Windows devices. It can be used to install, update or uninstall software programs using the provided command line interface, PowerShell scripts, or third-party graphical user interface helpers.
One of the interesting features of the program is that it can be used to update the majority of installed programs on Windows at once, even if the some or even all of the applications have not been installed using the Windows Package Manager.
The default repository of the package manager is a community repository that is managed and maintained on GitHub. The submission process was automated up until now, which meant that anyone could push new programs or program versions to the repository. The process turned out to be very problematic for the quality of the repository.
The developers put automated safeguards in place but no checks for duplicates, erroneous submissions, submissions with false information, or even the submission of problematic programs. One of the main issues that the developers observed was that duplicates were submitted, and that these duplicates would often lack proper metadata information, would be program versions that were not the latest, or would have unofficial download paths. Many of the issues were discussed in the comments section here on the site when version 1.0 of the package manager was released.
The development team made the decision to stop the automatic submission process in favor of a manual review process to "reduce the number of duplicate submissions, and manifests with sub-optimal metadata". Community moderators should assist the team in the review process, and criteria for becoming a moderator are currently being discussed on the project's GitHub repository. Suggestions include selecting moderators who have contributed to the repository and helped others with their contributions.
Another idea is to get publishers involved to improve the verification process and speed up the submission process of new or updated packages.
If you want to be in full control of submissions, you need to review them manually. Microsoft recognized this and decided to switch from automated to manual submissions. That's a good thing, even though it may mean that it may take longer before new submissions or changes find their way into the repository.
Now You: have you used the Package Manager before? What is your take on the development?Advertisement