Microsoft will manually review all submissions to the Windows Package Manager (Winget) repository
Last week's official release of the final build of the Linux-style Windows Package Manager by Microsoft was met with great excitement from the community. But the company seems to have only belatedly spotted an issue with its Store alternative.
The problem is that the Windows Package Manager Manifest Creator tool makes it incredibly simple to submit new package to the repository. This has results in complaints that "people are submitting bad or duplicate manifests without checking if the app already exists or not"; Microsoft has come up with a vey hands-on solution.
- KB5003214 update for Windows 10 is causing taskbar problems -- but there's a simple fix
- Microsoft releases the Linux-style Windows Package Manager v1.0 (Winget) as a Store alternative
- Microsoft releases Windows Terminal 1.9 preview with new quake mode and more
There are various postings to the Windows Package Manager GitHub pages -- including this one -- which point out that even after a very short time there are a large number of duplicate postings. The fear is that this causes confusion among potential users of Winget, and this in turn creates a sense of distrust.
The problem stems from the fact that Microsoft all but automated the process of submitting new packages. Responding to the issue, senior program manager Demitrius Nelon says:
We've seen a spike in activity with the release of Windows Package Manager 1.0.
We have stopped the automated "merge" for PRs.
Windows Package Manager team administrators will begin manually reviewing submissions to reduce the number of duplicate submissions, and manifests with sub-optimal metadata.
This discussion is intended to provide an open forum to discuss how we should move forward with moderation. Please keep the discussion positive and constructive. The need for moderation was highlighted in #14621.
We appreciate everyone's feedback and suggestions. The goal is to continue to grow a healthy community catalog of packages for the Windows Package Manager. If your suggestion is off-topic you should create another discussion topic, or if you have another feature in mind, feel free to create that new feature.
Nelon also explains something about the process of selecting moderators, as a well as indicating that a verification system is currently being worked on so that trusted developers can publish packages without delay. He writes:
The current Microsoft Store source is experimental. We're still working through the issues related to making sure we can meet all of the requirements for packages in the store, and providing the best possible end to end experience for customers. There are some subtle differences in terms of what versions of a package could be available in the community repository and the "single" version of a package available from the store. We will continue working towards "verified publishers" in the community repository, and that should help quite a bit by eliminating the need for moderation for manifests submitted by "verified publishers". That feature is actively under development.