Microsoft missed a predictable flaw in its Windows Package Manager repo
A lot of work has gone into the Windows Package Manager repository, but it ran into issues allowed by automated approvals.
What you need to know
- Microsoft has stopped the automated merge of submissions to the Windows Package Manager repository.
- The Windows Package Manager repository contains manifest files for Windows Package Manager.
- Microsoft will now manually review submissions to reduce duplicates and submissions with issues.
After a year in preview, Microsoft released Windows Package Manager during Build 2021. The tool allows people to easily manage and install programs and packages, much like many are used to on Linux. Unfortunately, Microsoft saw a hiccup with its automated process for accepting submissions to the Windows Package Manager repository, which contains the manifest files for Windows Package Manager.
Microsoft simplified the process of submitting items to the repository with the preview release of the Windows Package Manager Manifest Creator. The tool lets people provide a URL for the installer of a package. Microsoft's Demetrius explains the tool in a devblog post (opens in new tab):
It appears that this tool made it a bit too easy to submit packages. Because it was automated, several packages were submitted that had issues. People submitted duplicate packages, created packages with installers with expiration dates, and used installers that need user input. As a result, the packages available from the repository were negatively affected.
As highlighted by The Register, the package for Apple's iCloud client, Valve's Steam runtime, and the Zoom meeting installer were all affected by poor submissions.
People flagged the issues up on GitHub, including user "KaranKad" that pointed out that people were submitting bad or duplicate manifests. KaranKad also broke down the issue in more detail and suggested solutions in another post.
Microsoft must have seen the negative affects the process was having, because it stopped the automated merge, according to Microsoft's "Denelon."
"Windows Package Manager team administrators will begin manually reviewing submissions to reduce the number of duplicate submissions, and manifests with sub-optimal metadata," says Denelon on GitHub.
It's a bit strange that Microsoft didn't forsee this issue. Having an automated process that didn't check for these types of errors was likely to lead to problems, but the team behind Windows Package Manager appears to be on top of it now.
Windows Central Newsletter
Get the best of Windows Central in your inbox, every day!
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at email@example.com (opens in new tab).
Slow clap for Microsoft. Can they do anything that doesn't flop and then needs release after release to fix the problems from its launch. I dont include Office of that remark, Office is a beaut
Rehiring the Programmatic testors and Quality Assurance team would have prevented this fiasco. The obvious caveat being - being adequately staffed and well resourced.