Closed JanPokorny closed 3 years ago
Thanks for the report @JanPokorny . I will double-check with the package-manager folks to see if this is changing (or has changed recently).
@ptorr-msft Interestingly, it seems like there's some code in the master branch appearing to require HTTPS (https://github.com/microsoft/winget-cli/commit/dd840a8559fe5456ec537082d5552a81b333aa9b#diff-8b85fbdd761cdf57bd78f3c741f457c9ef458ab251dce447c578bcb9833ee9af), but neither the most recent release of winget
nor the Azure pipelines for manifest repository (https://github.com/microsoft/winget-pkgs/pull/4209) seem to care.
That code appears to be for adding sources, not for package downloads.
An error is shown when attempting to enter a HTTP installer URL:
winget
does not actually have this limitation, however.There are apps published on HTTP-only websites (why? don't ask me), and since the installer authenticity is verified by embedded hash anyway, it is not necessary to check this.