Please provide Releases and Packages in addition to MS App

[adamency]

An open source project should use open source packaging systems in order to be trusted. Furthermore actual package managers are far more flexible and manageable for the end-user than store apps. Your program is great but it should really be installable with a simple scoop install thejoefiniconmaker. This would greatly help long term use, reinstallation, rollback, automation, etc...

@TheJoeFin Can you please consider providing build artifacts directly here in the Releases page of your project and upload your package to the open-source Windows package manager scoop ?

Thanks in advance

[TheJoeFin]

I have wanted to publish packages, but since they need to be signed it is quite the process. When submitting to the store the packages are auto signed.

Do you have any experience in signing MSIX packages?

[hawkerm]

Winget lets you install anything that's in the store pretty much already:

> winget search "Simple Icon File Maker"
Name                   Id           Version Source
----------------------------------------------------
Simple Icon File Maker 9NS1BM1FB99Z Unknown msstore

[adamency]

@hawkerm winget is NOT a package manager. It is a CLI helper for MSI installers.

• You still rely on MSI, it is just automated
• You don't get any way to transparently list artifacts and files installed by the package
• consequently you cannot exhaustively search in the repositories which package provides a specific command
• you cannot arbitrarily choose where it is installed (particularly being able to install in the local user's dir without root access)
• and most importantly as you rely on MSIs, it is not an end-to-end open-source process contrarily to what MS is trying to make you believe
• etc...

winget is simply an imitation of a package manager, but absolutely not one, unfortunately.

[TheJoeFin]

A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer in a consistent manner. -Wikipedia

winget meets this definition of a package manager. @adamency What definition are you using?

[adamency]

@TheJoeFin

An example: https://scvs.owasp.org/scvs/v4-package-management/

in particular:

4.1 Binary components are retrieved from a package repository
4.11 Package repository provides auditability when components are updated
4.18 Package manager does not execute component code

The first two points are the main issue:

• being able to transparently see which files are gonna be installed on the filesystem
• being able to check the differences for version upgrades

being brought by the fact that the packages are built from source by package management maintainers and their content transparently accessible from the package manager.

Both these points are implemented by ALL major well known package managers, i.e. apt, yum pacman brew, etc... and scoop is the only one on Windows which provides a somewhat good implementation of it (even if still lacks some features to fully implement this specs)

Winget relying on classic windows installers which can execute any arbitrary code they want AND does not give any information about which files are gonna be added to the system, where they are gonna be added, or any other system config (daemon/services, certificates, etc...), it is simply impossible to guarantee these criterias.

Btw, I am a frequent contributor to Wikipedia, and I can tell you from first-hand experience how it is not a good source for specifications and technical definitions. But anyway, the discussion is veering towards a sterile debate, I would find it sad if this issue died based on an irrelevant technicality instead of honestly trying to listen to my point, which after much self-reflection still seem valid & objective concern to me (while I can agree that I was maybe a bit too unequivocal in my previous message)