Is Winget repo secure

Andreas 1,321 Reputation points
2021-11-09T23:21:33.937+00:00

Hi,

I am looking into Winget and I am wondering about security when it comes to the repository.

  1. How is the repo secure ?
  2. Who is maintaining the packages ? personal or companies ?
  3. How often is a packaged updated ?

I noticed someone complained about if you run an upgrade command (upgrade all packages), it does not suppress reboot. Could anyone confirm if that is the case?

Thanks for any reply

/R
Andy

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
9,847 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Demitrius Nelon 86 Reputation points Microsoft Employee
    2022-02-03T01:48:14.227+00:00

    The Windows Package Manager Community App Repository performs multiple automated scans of the packages submitted including dynamic analysis. After that has been successful, a moderator will also review the metadata before the package is added. It is primarily community maintained, so the updates for new versions of software depend on the community or the publisher to keep them current. We have provided tooling to help publishers automate the process using https://github.com/microsoft/winget-create.

    1 person found this answer helpful.
  2. Limitless Technology 39,661 Reputation points
    2021-11-11T10:46:52.157+00:00

    Hi there,

    The security of winget is same as that of apps that you get from the store .
    The winget client is distributed within the App Installer package, which is pre-installed on Windows. When you go to the Microsoft Store, you can simply update the App Installer and the winget command line tool will be installed.

    All antivirus that you use to scan the PC will scan the apps that you install from the winget too, and the update is same as that of the apps that gets installed from the store.

    You can get more info from here https://video2.skills-academy.com/en-us/windows/package-manager/winget/

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments
  3. Andreas 1,321 Reputation points
    2021-11-11T13:17:32.38+00:00

    Hi,

    Thanks for the answer @Limitless Technology

    One other question then related to Winget but also to Endpoint Manager and Microsoft Store.

    Microsoft is ending support for Microsoft Stores for Business "soon" and want companies to start using Microsoft Store.
    If I today want to deploy and app from Microsoft Stores for Business I can search and easily deploy this app from https://businessstore.microsoft.com and Endpoint Manager.

    Now If I want to deploy a app from Microsoft Store, then when I login to Endpoint Manager > Apps> I have to apply Appstore URL I guess, but will this application be regularly updated without user interaction ?

    As of today we are using public repo chocolatey to deploy several applications to Company Portal, so users can select which one they want to install, and we have configured a script that will updates these packages when a client reboot. If we want the same thing to work with Microsoft Store, do we need to Install Winget ? I am struggling to see what's the best solution here...

    Comments ?

  4. creative_coder 0 Reputation points
    2024-11-02T14:36:01.91+00:00

    Also, why aren't all store apps on winget? "Microsoft Store" I can't get Netflix, etc...?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.