Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

P.S.A. Packages with explicit agreements in manifests removed #131328

Closed
denelon opened this issue Dec 19, 2023 · 11 comments
Closed

P.S.A. Packages with explicit agreements in manifests removed #131328

denelon opened this issue Dec 19, 2023 · 11 comments
Labels
Public-Service-Announcement

Comments

@denelon
Copy link
Contributor

denelon commented Dec 19, 2023
edited

Several packages were passing explicit arguments representing agreements to the installers to achieve a silent install. These packages are being evaluated to see if they will succeed with a non-interactive configuration with those explicit arguments removed. If they will not succeed, they will be removed.

We are working on a short-term solution to allow agreements in packages for the community repository. We will require agreement Title(s) and URL(s) when these switches are required. The agreement text will still be gated by the verified developer feature.
@denelon denelon pinned this issue Dec 19, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs-Triage This work item needs to be triaged by a member of the core team. label Dec 19, 2023
@denelon denelon removed the Needs-Triage This work item needs to be triaged by a member of the core team. label Dec 19, 2023
@Trenly
Copy link
Contributor

Trenly commented Dec 19, 2023
edited

Affected Packages
  • Atlassian.Sourcetree (Wix Installers only)
  • Bitvise.SSH.Client
  • Bitvise.SSH.Server
  • ESET.Nod32
  • ESET.Security
  • IDRIX.VeraCrypt
  • KhronosGroup.VulkanSDK
  • Kingsoft.KingsoftPDF (1 Version)
  • Kingsoft.WPSOffice.CN
  • Microsoft.PowerAutomateDesktop
  • Microsoft.PowerBI
  • Microsoft.PowerBI.DesktopReportServer
  • Microsoft.PowerBI.ReportBuilder
  • Microsoft.ServiceFabricRuntime
  • Microsoft.SQLServer2012NativeClient
  • NhekoReborn.Nheko
  • NI.ni-packagemanager
  • nomic.gpt4all
  • Rowley.CrossWorks
  • Segger.EmbeddedStudioARM
  • Splunk.UniversalForwarder
  • Tableau.Desktop
  • Tableau.PrepBuilder
  • Tableau.Public
  • Tableau.Reader
  • veeam.veeam-agent
  • VMWare.WorkstationPlayer
  • VMWare.WorkstationPro
  • WHTA.Tamara
  • XmacsLabs.Mogan
  • Zoom.ZoomRooms

@mdanish-kh mdanish-kh mentioned this issue Dec 25, 2023
Open
2 tasks
@felixsanz felixsanz mentioned this issue Dec 25, 2023
Open
@mdanish-kh mdanish-kh mentioned this issue Jan 2, 2024
Open
6 tasks
@Smith8154
Copy link
Contributor

Removing these packages caused some issues for our organization, as we were relying on some of the packages for automated deployments that started failing while I was on holiday at the end of the year. I think it would have been best to wait until after the holidays to make this change to give everyone some time to make adjustments without running into change freezes or having people out on holiday.

Trenly referenced this issue Jan 5, 2024
@Trenly
Remove package that requires agreements (#131202)
ce41979
@khaffner
Copy link
Contributor

khaffner commented Jan 9, 2024

@denelon Are the relevant teams at Microsoft informed about fixing their respective installers?

@JvDrunen
Copy link

Any update?

@mdanish-kh mdanish-kh mentioned this issue Jan 19, 2024
Open
2 tasks
This was referenced Jan 21, 2024
Closed
Open
@vvirtues
Copy link
Contributor

When is the fix (short or long term) coming in? I see the --accept-source-agreements and --accept-package-agreements flag, but how do I implement it in a manifest? (also which is used for which situations).

EDIT: I realize that there is the Agreements parameter, but it is not documented in schema or otherwise. I am trying to implement it in a PR (#136114) but I will just have to use the info from microsoft/winget-cli#200 and https://github.com/microsoft/winget-cli/pull/1347/files#diff-851d289ea5f2ac425d19f54c568328e3557b0928478bed123b4232dd4189c8db to implement it.

@Trenly
Copy link
Contributor

Trenly commented Jan 25, 2024

When is the fix (short or long term) coming in? I see the --accept-source-agreements and --accept-package-agreements flag, but how do I implement it in a manifest? (also which is used for which situations).

EDIT: I realize that there is the Agreements parameter, but it is not documented in schema or otherwise. I am trying to implement it in a PR (#136114) but I will just have to use the info from microsoft/winget-cli#200 and microsoft/winget-cli#1347 (files) to implement it.

The Agreements section of the manifest is what needs to be added to resolve this issue. However, submitting a manifest with Agreements currently will be blocked as that field requires verified publishers currently. I believe that @denelon is working on a solution to allow the agreements without being a verified publisher, which will allow many of these packages to be re-added

@vvirtues
Copy link
Contributor

When is the fix (short or long term) coming in? I see the --accept-source-agreements and --accept-package-agreements flag, but how do I implement it in a manifest? (also which is used for which situations).
EDIT: I realize that there is the Agreements parameter, but it is not documented in schema or otherwise. I am trying to implement it in a PR (#136114) but I will just have to use the info from microsoft/winget-cli#200 and microsoft/winget-cli#1347 (files) to implement it.

The Agreements section of the manifest is what needs to be added to resolve this issue. However, submitting a manifest with Agreements currently will be blocked as that field requires verified publishers currently. I believe that @denelon is working on a solution to allow the agreements without being a verified publisher, which will allow many of these packages to be re-added

Oh ok, should I keep my PR as a draft or should I close and re-open once the solution's out?

@BiosPlus BiosPlus mentioned this issue Jan 25, 2024
Open
1 task
@mdanish-kh mdanish-kh mentioned this issue Feb 2, 2024
Closed
6 tasks
@stephengillie stephengillie mentioned this issue Feb 2, 2024
Closed
6 tasks
@olegpro81
Copy link

Guys, any update on this issue?

Open
6 tasks
@stephengillie stephengillie mentioned this issue Feb 7, 2024
Closed
6 tasks
@denelon
Copy link
Contributor Author

denelon commented Feb 15, 2024

Hey everyone, we have the updated policy implemented for the community repository. We're now allowing packages to be added back with agreements with explicit switches being passed to installers.

@denelon
Copy link
Contributor Author

denelon commented Feb 15, 2024

I'm going to go ahead and close this issue since we have the ability to accept these packages back into the community repository, but I will keep this message pinned until the packages have been added back.

@denelon denelon closed this as completed Feb 15, 2024
@olegpro81 olegpro81 mentioned this issue Feb 16, 2024
Closed
2 tasks
@denelon
Copy link
Contributor Author

denelon commented Feb 20, 2024

All removed packages have been restored. I'm unpinning this issue now.

@denelon denelon unpinned this issue Feb 20, 2024
This was referenced Mar 30, 2024
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Public-Service-Announcement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@Smith8154 @Trenly @khaffner @JvDrunen @olegpro81 @denelon @vvirtues