Windows Package Manager stumbles at the first hurdle

Windows 10 Logo on Laptop
(Image credit: Shutterstock - Wachiwit)

Microsoft was forced to put a stop to automatic submissions to the repository of the new Windows 10 package manager after witnessing a spike in bad and duplicate submissions. 

The command-line Windows Package Manager, also known as Winget, has been available in early access for some time, but Microsoft released its milestone 1.0 release at last week’s Build 2021 event.

Package managers, a staple of the Linux desktop, have existed on Windows in the form of third-party options such as Chocolatey. However, Microsoft has now built the functionality into the operating system itself citing developer use-cases.

At the event, Microsoft’s senior program manager Demitrius Nelon had highlighted the ease with which new packages can be submitted to Winget’s repository, with the help of a tool called the Windows Package Manager Manifest Creator.

Taking charge

Windows enthusiasts were quick to capitalize on the tool’s ease of use to submit all kinds of packages to the repository, resulting in several duplicate ones, as well as many that weren’t properly manifested.

Some users also highlighted other shortcomings of the automated submission process. One suggested that the lack of manual screening could allow mischievous users to sneak in a package claiming to install one package, while it actually installed something else.

This forced Microsoft to take charge of the automated submission process and introduce manual human moderation to check each and every submission.

"Windows Package Manager team administrators will begin manually reviewing submissions to reduce the number of duplicate submissions, and manifests with sub-optimal metadata. We have also implemented moderation to help maintain the quality of the community catalog,” said Nelon on GitHub while introducing the change in the package submission process.

Via The Register

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.