based on https://devblogs.microsoft.com/powershell/powershell-core-release-improvements/#comments-52

When you say similar do you mean a different package, or would you ask the current owner to transfer ownership?

@jcotton42 I filed this on behalf of Brett Jacobson who posted a comment on my blog. I replied to their comment and I'm hoping they would give details.

cc @DarwinJS

It is totally within the ideals of the chocolatey ecosystem for software owners to take over chocolatey packaging if they wish to and I'm cool with it.

There was some previous heart-burn in github issues that all other packaged editions of powershell-core end up on a Microsoft owned packaging distribution mechanism. But that is not true of packages distributed via Mac "Brew" right?

In brew, brew owns all the formulas. I wasn't there when the model for brew was decided. Honestly, I prefer the brew model.

The technical implementation, with brew, conceptually is very similar to chocolatey.

@TravisEz13 - I would agree - except with automatic virus scanning of package content and all download pointers - Chocolatey is quite likely it's safer than brew.

Also at 50-56 MB powershell core for windows is right at the threshold where it is acceptable to enclose the installer into the package. You'd have to ask Rob - but he might be agreeable for such a prominent package.

Including it also makes curation much easier for companies who curate public packages to internal ones and those doing builds that don't have access to the repo (they don't have to rebuild the package)

FYI - when I include the binary installer, I still do the checksum so that users still get the satisfaction that the binaries are checking out correctly.

You would also have to ask about the approval process - since I have trusted packager status there is no human review - but if we add someone to the maintainers list and they submit, they might have to undergo a period of review or you could ask for that status, noting that it is CI automation building and uploading the package.

except with automatic virus scanning of package content and all download pointers

I know this happen with brew and the virus scanner microsoft asks me to run (I'm in a pilot though), I had to disable it for performance. Although, chocolatey might be able to do this more explicitly with APIs available in windows.

@DarwinJS We made significant changes to the third party notices in 6.2. You should look and see if it still restricts you from distributing the package.

@TravisEz13 - Ahh but chocolatey does this as part of the repository services - not on your client at install time - and you can see the virus total report as package data on the site BEFORE pulling it.

Unless you are referring to something else it is still the MIT license as per here: https://github.com/PowerShell/PowerShell/blob/master/ThirdPartyNotices.txt#L26-L32

and the chocolatey package does distribute that license.

Expand to see the contents of "VERIFICATION.txt" and "LICENSE.txt" in the web browser here: https://chocolatey.org/packages/powershell-core

Let me know if the package is somehow not compliant as that is a critical filtering criteria for packages that must be removed from chocolatey.org

I don't have any reason to believe the package is not compliant. https://github.com/PowerShell/PowerShell/blob/master/ThirdPartyNotices.txt#L26-L32 is embedded in the MSI itself.

To make sure all the notices are available before the package is installed, I would suggest including the third party notices here:

Just providing some links to prior areas where this has been brought up as this would be a partial duplicate of #2708 but also see the much in depth conversation in https://github.com/Microsoft/azure-pipelines-image-generation/pull/680 where @joeyaiello mentioned about a MSFT Backed Choco Feed - which I would be 100% behind for the same reasons @markekraus mentioned in that Pull Request

Choco is my preferred route to get PSCore until MS Store or Inboxing happens in the future but if you check out #8663 & especially my comment here https://github.com/PowerShell/PowerShell/issues/8663#issuecomment-456272838 you'll find all the links to the other similar issues where I have been able to find them in the repo

@TravisEz13, version 6.2.0.20190408 is in automated moderation. It includes ThirdPartyNotices.txt and it references that ThirdPartyReferences.txt is available within LICENSE.txt

Let me know if that seems sufficient.

ping @SteveL-MSFT @joeyaiello can this be prioritised as a release mechanism for the v7 GA timeline please

@kilasuit I believe at this time, we can't officially publish to Choco (@joeyaiello can confirm). However, I do plan on publishing to MS Store.

@DarwinJS The chocolately package you are maintaining is a bit behind in release version. We have rc1 available in releases but you didn't establish automation to fetch the updated binary. Please update the chocolately package to match what's available on github and consider automating this process. I know it can be automated because Windows Terminal has a chocolately package that's automated per the maintainer. Basically it's checking the Release page if a newer release is available and does this at whatever time interval you choose. For preview, I'd do it once every 4 hours to ensure the time gap between the Release page being updated and the chocolately package is minimal.

@WSLUser - it is exactly one release behind by less than 2a day because it
is pending the answer to this issue.

On Wed, Dec 18, 2019 at 10:04 AM WSLUser notifications@github.com wrote:

@DarwinJS https://github.com/DarwinJS The chocolately package you are
maintaining is a bit behind in release version. We have rc1 available in
releases but you didn't establish automation to fetch the updated binary.
Please update the chocolately package to match what's available on github
and consider automating this process. I know it can be automated because
Windows Terminal has a chocolately package that's automated per the
maintainer. Basically it's checking the Release page if a newer release is
available and does this at whatever time interval you choose. For preview,
I'd do it once every 4 hours to ensure the time gap between the Release
page being updated and the chocolately package is minimal.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/PowerShell/PowerShell/issues/9315?email_source=notifications&email_token=ACYPLBRL662UBC5XI3MOJETQZI3V5A5CNFSM4HED2NW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHGM2SI#issuecomment-567070025,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ACYPLBUSV73J4YRWO5GSOMTQZI3V5ANCNFSM4HED2NWQ
.

When I opened pwsh it told me there was a newer version available. So I expected to update it via Chocolatey, I did not check when the update occurred. I am not the only one who expects it. If we're going to be nicely informed there's a newer version available when we open pwsh, then we should just as nicely be provided an easy install method independent of the MS Store. It can be provided there too but Chocolatey should be an alternative for Windows users.

@DarwinJS I don't think the team will do anything here until 7.1

When I opened pwsh it told me there was a newer version available. So I expected to update it via Chocolatey

@WSLUser - unfortunately that's a false expectation to have whilst the chocolatey package is not owned by the PS team nor would the official way to update be via chocolatey.

There is this simple to run script as well - https://github.com/PowerShell/PowerShell/blob/master/tools/install-powershell.ps1

GitHub

PowerShell/PowerShell

PowerShell for every system! Contribute to PowerShell/PowerShell development by creating an account on GitHub.

I just use the Install=PowerShell script up on Github:
This is the long winded way:

$URI = "https://aka.ms/install-powershell.ps1"
Invoke-RestMethod -Uri $URI | 
  Out-File -FilePath C:\Foo\Install-PowerShell.ps1
C:\Foo\Install-PowerShell.ps1 -UseMSI -Quiet

With winget on the horizon, I don't think this is something we're going to end up pursuing. I love the fact that someone else is maintaining the PS 7 Chocolatey package, and I think you can absolutely use that one and be sure that it's our official code by validating the signature.