@flcdrg
Last active December 16, 2023 23:26
Chocolatey Moderation

Please resolve these to allow this package to be approved:

  • tools\VERIFICATION.txt should contain instructions on how the user can independently verify that the embedded file is the same as available for download from the original site.
  • Remove tools\chocolateybeforemodify.ps1 as it isn't being used
  • Remove tools\LICENSE.txt and tools\VERIFICATION.txt as they are only required when embedding files in the package
  • If you are the software author, please confirm that via a comment here. Alternatively, if you are not the software author, put your own name in the owners field.
  • Remove the file ReadMe.md
  • Remove the file update.ps1
  • Add minimum version numbers for package dependencies
  • Run the PowerShell code to remove comments from scripts
  • Include a checksum in chocolateyInstall.ps1
  • Add a summary field
  • A high VirusTotal detection score needs to be investigated, for example checking with the software author. Hopefully it is a false positive, but even open source software is not immune. eg. a 'supply chain' attack could compromise an otherwise innocent application. If the total remains in the range 5-10, then you will need to append a note to the description indicating why there are false positive results for this package.
  • A high VirusTotal detection score needs to be investigated, for example checking with the software author. Hopefully it is a false positive, but even open source software is not immune. eg. a 'supply chain' attack could compromise an otherwise innocent application. Totals greater than 10 mean a package cannot be approved or exempted. If the total is reduced to the range 5-10, then you will need to append a note to the description indicating why there are false positive results for this package.
  • When embedding software with the package, the software license must explicitly allow software redistribution. Either change the package to download the software (instead of embedding it), or contact the software author and get written permission to distribute the software via Chocolatey, or for them to alter the license. This permission should be appended to the LICENSE.txt file for reference.
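The checksum and verification items above are the ones that matter most for supply-chain safety: a pinned hash means the install script refuses an installer that differs from the one the maintainer reviewed, and the same hash, written into VERIFICATION.txt, lets a user confirm an embedded binary themselves. The following is an added example of a `chocolateyInstall.ps1` written that way; it is not taken from the gist or from any real Chocolatey package. The package name, download URL and hash are placeholders, and the `Install-ChocolateyPackage` parameters used are the standard ones from Chocolatey's helper module.

```powershell
# chocolateyInstall.ps1 (added example; 'example-app', the URL and the hash are placeholders)
$ErrorActionPreference = 'Stop'

$packageArgs = @{
  packageName    = 'example-app'                                   # placeholder package id
  fileType       = 'msi'
  url            = 'https://example.invalid/example-app-1.2.3.msi'   # placeholder download URL
  # SHA-256 of the exact installer the maintainer reviewed. Chocolatey aborts
  # the install if the downloaded file does not match, so a tampered or
  # silently replaced upstream binary cannot be installed through this package.
  checksum       = '0000000000000000000000000000000000000000000000000000000000000000'  # placeholder
  checksumType   = 'sha256'
  silentArgs     = '/qn /norestart'
  validExitCodes = @(0, 3010)
}

Install-ChocolateyPackage @packageArgs
```

To obtain the value for `checksum`, the maintainer downloads the installer once from the vendor's site and runs `(Get-FileHash -Algorithm SHA256 .\example-app-1.2.3.msi).Hash`; for an embedded binary, that same command and the resulting hash are what `tools\VERIFICATION.txt` should spell out so the user can repeat the check against the vendor's download.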

Also, if possible:

  • Add packageSourceUrl to point to where the package source resides
  • If not done already, see if you can add one or more of docsUrl, mailingListUrl, bugTrackerUrl and/or projectSourceUrl with appropriate links.

thanks, David

@ferventcoder

  • Add 'admin' tag

Remove this one.

@ferventcoder

  • Because you are embedding binary files in the package, we now require you to include tools\VERIFICATION.txt and tools\LICENSE.txt. See choco new for examples.

This is checked by the validator automatically.
