Open Trenly opened 1 year ago
@stephengillie - can I also request Dependencies and Area-Manifest labels?
We haven't really been considering "cross-source" dependencies. That's an area of complexity and security concerns. For now, we treat them as "same source only".
I got an interesting Cross-source issue then https://github.com/microsoft/winget-pkgs/pull/132856 Lenovo Vantage Service is a piece of silly software that you HAVE to install AFTER installing Lenovo Vantage, which is only available in the store... This creates a issue in InTune where your users are not Administrator as it requires Administrator to install this. (You could obv add a dependency to this in InTune but nevermind that)
Isn't the store repo a verified trusted source?
I got an interesting Cross-source issue then microsoft/winget-pkgs#132856 Lenovo Vantage Service is a piece of silly software that you HAVE to install AFTER installing Lenovo Vantage, which is only available in the store... This creates a issue in InTune where your users are not Administrator as it requires Administrator to install this. (You could obv add a dependency to this in InTune but nevermind that)
Isn't the store repo a verified trusted source?
I think the main issue with Cross-Source dependencies is that they would fail if the user has removed the source. For example, I usually remove the msstore source on my dev machine since I don't need it, and when I query for packages it's usually to see whether or not they already exist in the repo and I don't like having to specify -s winget
on every command
Brief description of your issue
Some packages may depend on programs from the Microsoft Store like Xbox Game Bar. Adding these packages as dependencies throws a manifest validation error. Ignoring the validation error, the dependencies install correctly
Steps to reproduce
Expected behavior
Manifest validation to succeed
Actual behavior
Environment