Microsoft was forced to put a stop to automatic submissions to the repository of the new Windows 10 package manager after witnessing a spike in bad and duplicate submissions.
Package managers, a staple of the Linux desktop, have existed on Windows in the form of third-party options such as Chocolatey. However, Microsoft has now built the functionality into the operating system itself citing developer use-cases.
- Take a look at these best laptops for business
- These are the best Windows 10 pro laptops
- Need something more portable? Check out the best mobile workstations
At the event, Microsoft’s senior program manager Demitrius Nelon had highlighted the ease with which new packages can be submitted to Winget’s repository, with the help of a tool called the Windows Package Manager Manifest Creator.
Windows enthusiasts were quick to capitalize on the tool’s ease of use to submit all kinds of packages to the repository, resulting in several duplicate ones, as well as many that weren’t properly manifested.
Some users also highlighted other shortcomings of the automated submission process. One suggested that the lack of manual screening could allow mischievous users to sneak in a package claiming to install one package, while it actually installed something else.
This forced Microsoft to take charge of the automated submission process and introduce manual human moderation to check each and every submission.
"Windows Package Manager team administrators will begin manually reviewing submissions to reduce the number of duplicate submissions, and manifests with sub-optimal metadata. We have also implemented moderation to help maintain the quality of the community catalog,” said Nelon on GitHub while introducing the change in the package submission process.
- These are the best laptops for programming
Via The Register