alt Hacker NewsIt'd be nice if they didn't recommend winget for installation though. winget is an egregious security risk that Microsoft has just like pretended follows even minimal security practices, despite just launching four years ago with no protection from bad actors whatsoever and then never implementing any improvements since.
Replies
dale_huevo • today at 3:03 AM
winget is just Windows developers' version of curl | bash. Yet another example of Microsoft copying Linux features.
➕ show 2 replies
disclaimer: I used to commit to winget a lot and now I don’t.
…but is it really less secure than brew or choco? The installers are coming from reasonably trusted sources and are scanned for malware by MS, a community contributor has to approve the manifest changes, and the manifests themselves can’t contain arbitrary code outside of the linked executable. Feels about as good as you can get without requiring the ISVs themselves to maintain repos.