(Seems like it might be a useful winget feature request for it to provide Store Report URLs. ![]() Having seen this, I may boot up my personal machine and try to report this specific Store listing for violating the Store's Open Source policies, though I'm unsure if such whackamole is all that useful. (That website currently doesn't go anywhere, giving it a spot check.) For direct instance, because winget kindly includes Microsoft Store results when searching, there is a "7zip 22" in the Microsoft Store that costs some amount of money (winget details say "PaidUnknownPrice" for the pricing information I'm on a corporate machine right now with the actual Store access locked so can't search in the actual Store right now) and the Publisher is listed as. It's too bad there's still not a great option for "average user that doesn't know/trust how to use a CLI", given how sadly polluted the Microsoft Store can be for many common, especially Open Source, applications. ![]() Admittedly, it in most cases doesn't seem to be checking specific code signatures in most cases either, but at least includes SHA checksums. ![]() Virtual Dj 7 Pro Full Download is hosted at free file sharing service 4shared. Virtual Dj 7 Pro Full Download - download at 4shared. Its manifests repo is becoming a very interesting (open) source of truth for common Windows applications. Virtual Dj 7 Pro Full Download.zip Size: 55 KB. It is, of course, a terrible bootstrap for trust, but it is one so many users on Windows have been relying on for such a long time.įor power users on any modern Windows 10/Windows 11 there is at least WinGet now. I think that's part of the problem, if you don't have that package manager to bootstrap your signature key ring, DNS is your next best bootstrap. These checks give no reason to suspect it’s legitimate. Whois records are actually more convenient in general!) ![]() NS`”, and yes, you’d need to follow more steps if you were dealing with a deeper domain name. But I’m not sure if there’s any good way of asking for the actual nameservers with dig, which is basically “`dig +short zip. The two will normally match, but don’t actually have to, and in my crazy hacker dreams (you know, the ones where five dollar wrenches don’t exist) I can imagine the difference being used sneakily. nameservers what seven.zip’s nameservers are. (Aside: I believe these queries are strictly the wrong thing, asking seven.zip what its nameservers are, but you actually need to ask the zip. Whois isn’t much use any more, but registrar doesn’t match:
0 Comments
Leave a Reply. |