[Zip][Portable] New package: WindowsPostInstallWizard.UniversalSilentSwitchFinder version 1.5.0.0 #80300
/AzurePipelines run |
Azure Pipelines successfully started running 1 pipeline(s). |
Url validation error
|
Hello @Trenly, The package manager bot determined there was an issue with some of the URLs included in the manifest file. Please check the pull request for more details and make sure the urls are correct. Template: msftbot/validationError/urls/smartScreen |
/AzurePipelines run |
Azure Pipelines successfully started running 1 pipeline(s). |
Hello @Trenly, The package manager bot determined changes have been requested to your PR. Template: msftbot/changesRequested |
Isn’t that the entire purpose of the pipeline and the malware scans though, to catch when potentially malicious software links are used? USSF has been around since 2011, and I know that myself and others who use winget are familiar enough with the package to know that it is safe. And, if it ever were to be compromised, that is why there are hash validations. |
USSF is great, but SoftPedia isn't trustable. |
I’m not saying that SoftPedia is trustable as a whole. I'm saying that in certain cases where we know the package is safe, there are checks in place that would prevent bad updates. In fact, no publisher website is truly "trustable", not even Microsoft's. All websites are vulnerable to compromise. Certainly SoftPedia being open to all increases the chances of the site hosting malware, but that doesn’t mean all packages are malware. We know USSF is safe, and if the hash were ever to change then it would be blocked from installing without using the force parameter. |
Hello @Trenly, One or more of the installer URLs doesn't appear valid. This may happen for sites with policies prohibiting distribution or use by third parties. This may happen for URLs pointing to domains that do not align with the publisher domain or package domain. If you could provide supporting evidence from the publisher that the URLs for the installer are correct, that would help us to validate and approve this PR. Template: msftbot/validationError/urls/domain |
I can say that the publisher of that on Softpedia, wpiw.net, is blocked by MSIT as a malware site. Doesn't make me feel a warm and fuzzy inside. Calling for an adult. @denelon ! |
Azure Pipelines successfully started running 1 pipeline(s). |
@denelon - Blocking Issue on .zip please |
Hello @Trenly, The package manager bot determined that the metadata was not compliant. Please verify the manifest file is compliant with the package manager 1.2 manifest specification. You could also try our Windows Package Manager Manifest Creator or the YamlCreate script. For details on the specific error, see the details link below in the build pipeline. Template: msftbot/validationError/manifest/metadata |
Hello @Trenly, This package appears to reference a compressed .zip archive rather than an installer. This PR is blocked until support for .zip is implemented in: Template: msftbot/blockingIssue/zipInstaller |
This package will be used as a test example for the portables in zip feature. This manifest will be checked in manually as zip manifests are not yet supported in validation. This also means that the latest stable 1.3 client will not be able to install this package as .zip is not yet supported in that version. |
Hello @ryfu-msft! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
Hello Trenly, Template: msftbot/validationCompleted |
Publish pipeline succeeded for this Pull Request. Once you refresh your index, this change should be present. |
winget validate --manifest <path>?
winget install --manifest <path>?