bloaf 5 hours ago

I've started using winget to install my apps for exactly this reason. I can't keep track of every url for every piece of software.

ptx 4 hours ago | parent [-]

Is that safe? Microsoft's policy [1] seems to say that anyone can publish an update to a package as long as it passes "an automated process" which checks that it's "not known to be malicious".

[1] https://learn.microsoft.com/en-us/windows/package-manager/pa...

fuzzy2 an hour ago | parent [-]

It’s not. And it gets worse. A WinGet package can suddenly be introduced for software you have already installed and then the next "update all" will install whatever. Could be something completely different!

WinGet is not only unreliable, it is but one step removed from Remote Code Execution as a Service. Well, maybe one-and-a-half, if package repo maintainers were to pay attention, but that’s not realistic.
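One way to guard against the situation described above, where a package newly appears for software that is already installed and a blanket "update all" picks it up. This is an added example, not part of the thread. It assumes a previously reviewed `winget export` file is kept as a baseline; the baseline path, parameter names and helper function are hypothetical.

```powershell
# Added example (not from the thread): upgrade only package IDs that appear in a
# reviewed baseline, and report IDs that have started matching since then.
# Assumption: the baseline was created earlier with
#   winget export -o <BaselinePath> --source winget
# and its package IDs were reviewed by hand.
param(
    [string]$BaselinePath = "$env:USERPROFILE\winget-baseline.json",  # hypothetical location
    [switch]$Upgrade                                                  # without this, report only
)

# Hypothetical helper: read the PackageIdentifier values out of a winget export file.
function Get-ExportedIds([string]$Path) {
    $doc = Get-Content -Raw -Path $Path | ConvertFrom-Json
    @($doc.Sources | ForEach-Object { $_.Packages } |
        ForEach-Object { $_.PackageIdentifier }) | Sort-Object -Unique
}

if (-not (Test-Path $BaselinePath)) {
    throw "No reviewed baseline found at $BaselinePath. Export and review one first."
}

# Snapshot what winget currently matches installed software to.
$currentPath = Join-Path $env:TEMP 'winget-current.json'
winget export -o $currentPath --source winget --accept-source-agreements | Out-Null

$approved = Get-ExportedIds $BaselinePath
$current  = Get-ExportedIds $currentPath

# IDs that match installed software now but were not in the reviewed baseline.
$unreviewed = @($current | Where-Object { $_ -notin $approved })
if ($unreviewed.Count -gt 0) {
    Write-Warning "Package IDs not in the reviewed baseline (skipped):"
    $unreviewed | ForEach-Object { Write-Warning "  $_" }
}

if ($Upgrade) {
    # Upgrade by exact ID from the named source instead of 'winget upgrade --all'.
    foreach ($id in ($current | Where-Object { $_ -in $approved })) {
        winget upgrade --id $id --exact --source winget `
            --accept-package-agreements --accept-source-agreements
    }
}
```

This limits which package IDs are upgraded; it does not inspect what a new version of an already approved package contains.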