getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0
15.77k stars 842 forks

Which winget ID can I trust to get sops? #1533

Open nipil opened 3 weeks ago

nipil commented 3 weeks ago

Hello, I have a question regarding the versions and sources available on winget.

> winget search sops
Nom                ID                     Version Correspondance Source
-----------------------------------------------------------------------
Secrets OPerationS SecretsOPerationS.SOPS 3.8.1   Moniker: sops  winget
Secrets OPerationS Mozilla.SOPS           3.7.3   Moniker: sops  winget

As I have not been able to find a post/article/issue regarding the naming of the extension available on winget, I wonder if both are valid and "trustable".

Thanks in advance, Nicolas

felixfontein commented 3 weeks ago

I'm not sure how winget works, but from some quick searching I found https://github.com/microsoft/winget-pkgs as apparently the source of information for winget. The SOPS packages are these ones:

The first package is from when SOPS belonged to Mozilla, and covers version 3.7.3. The second package is from when SOPS was moved to CNCF / the github.com/getsops organization, and covers versions 3.8.0 and 3.8.1. The packages are downloaded from GitHub (the Mozilla one from https://github.com/mozilla/sops, which was the old location of the SOPS repo and which was moved to https://github.com/getsops/sops).

I have no idea how that repo's governance model works, i.e. who makes sure that new versions added there are legit, but it seems that SecretsOPerationS.SOPS is the right ID for newer versions.

@Okeanos seems to have added all versions that are available there, maybe they can comment on this.

Okeanos commented 3 weeks ago

I added the versions to the best of my knowledge based on publicly available statements by the involved parties you mentioned @felixfontein. I don't think there's an official "rename" procedure like there is for homebrew (example butane is marked as Formerly known as: fcct for instance) with WinGet.

You should always verify the Manifests contain what you expect them to and don't overly rely on (unaffiliated) volunteers such as myself to provide accurate information.
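Added example, not part of the thread or of the SOPS or winget-pkgs projects: one way to check an installer manifest along the lines suggested above, confirming the package ID, that every `InstallerUrl` points at the `github.com/getsops/sops` release path mentioned in this thread, and that a downloaded file matches an `InstallerSha256` entry. The manifest text, installer bytes and file name are constructed samples, and the trusted path prefix and function names are assumptions of this example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Assumption: upstream releases live under the repo named in the thread.
TRUSTED_HOST = "github.com"
TRUSTED_PATH_PREFIX = "/getsops/sops/releases/download/"

# Constructed stand-ins: fake installer bytes and a manifest shaped like a
# winget installer manifest (file name and hash are not real release data).
SAMPLE_INSTALLER = b"constructed stand-in for a downloaded sops installer"
SAMPLE_MANIFEST = f"""\
PackageIdentifier: SecretsOPerationS.SOPS
PackageVersion: 3.8.1
Installers:
- Architecture: x64
  InstallerUrl: https://github.com/getsops/sops/releases/download/v3.8.1/sops-constructed.exe
  InstallerSha256: {hashlib.sha256(SAMPLE_INSTALLER).hexdigest().upper()}
"""

def parse_installers(text):
    """Return (package id, [(url, sha256), ...]) from installer manifest text."""
    pkg = re.search(r"^PackageIdentifier:[ \t]*(\S+)", text, re.M)
    urls = re.findall(r"^[ \t-]*InstallerUrl:[ \t]*(\S+)", text, re.M)
    hashes = re.findall(r"^[ \t-]*InstallerSha256:[ \t]*([0-9A-Fa-f]{64})[ \t]*$", text, re.M)
    if not pkg or not urls or len(urls) != len(hashes):
        raise ValueError("manifest is missing an id, a URL, or a well-formed hash")
    return pkg.group(1), [(u, h.lower()) for u, h in zip(urls, hashes)]

def url_is_upstream(url):
    """True only for an https URL on the trusted host under the release path."""
    p = urlsplit(url)
    return (p.scheme == "https" and p.hostname == TRUSTED_HOST
            and p.username is None and ".." not in p.path
            and p.path.startswith(TRUSTED_PATH_PREFIX))

def check_manifest(text, expected_id, installer_bytes=None):
    """Return a list of findings; an empty list means every check passed."""
    pkg_id, installers = parse_installers(text)
    findings = []
    if pkg_id != expected_id:
        findings.append(f"package id is {pkg_id}, expected {expected_id}")
    findings += [f"installer URL is not an upstream release: {u}"
                 for u, _ in installers if not url_is_upstream(u)]
    # The hash only ties a file to the manifest; the URL check ties it upstream.
    if installer_bytes is not None:
        digest = hashlib.sha256(installer_bytes).hexdigest()
        if digest not in {h for _, h in installers}:
            findings.append("downloaded file matches no InstallerSha256 entry")
    return findings

if __name__ == "__main__":
    print(check_manifest(SAMPLE_MANIFEST, "SecretsOPerationS.SOPS", SAMPLE_INSTALLER))
```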

felixfontein commented 3 weeks ago

@Okeanos in any case, thanks a lot for helping with keeping SOPS in winget-pkgs updated!

nipil commented 3 weeks ago

That is great news, for users like me, to have an answer as to the "source of truth", especially for packages related to cryptography.

Might I suggest adding a line about the recommended / up-to-date ID for winget in the install page?

And thank you both for answering me, have a nice week. Nicolas

On Sun, 16 Jun 2024, 21:21, Felix Fontein @.***> wrote:

@Okeanos https://github.com/Okeanos in any case, thanks a lot for helping with keeping SOPS in winget-pkgs updated!
