The crappy installation and update channels are often tightly integrated with the vendors' monetization strategies, so there's a huge amount of inertia.
Microsoft Store could have changed this situation, had it been better designed and better received. Unfortunately, nobody seems to use it unless they have no other choice.
WinGet looks much better, but so far it's only for developers and power users.
I can't say it would have guaranteed people would have liked it, just that those were needed for it to have a chance.
What happened to just good old OS APIs? You could wrap the entire "secure update" process into a function call. Does Windows somehow not already have this?
The problem is finding and installing new software. Without a well-known official repository, people end up downloading Windows apps from random websites filled with ads and five different "Download" buttons, bundled with everything from McAfee to Adobe Reader.
We should be asking how to enable adding external sources like Ubuntu PPAs (which can then be updated like the rest), not whether there should be an official repository to bootstrap the package manager in the first place. "Store" is just a typical name for such a repository, it's not mandatory.
And if they have prevention mechanisms, why can't existing supply chains be secured with similar prevention mechanisms, instead of funneling to a single package manager provider?
The Store uses that behind the scenes. You don't have to use the store to use the system update system.
It's particularly good because updates can happen in the background, without having to launch your app to trigger them.
Surely someone with more resources and more sets of eyes could do better than that? AFAIK nobody has compromised Debian's APT repositories and Red Hat's RPM repositories yet.
But then, in an environment dominated by corporate IT who have no real means of switching, why improve the product?
Don't you need to create a Microsoft account to use it? That makes sense for a store where you buy apps with money, but not for a package manager for free software like Notepad++.
P.S. I'm waiting for the day you need a registered Ubuntu account to use their snap store :(
Suppose, for example, that they caught up to where Debian was 30 years ago and Windows shipped with a default list of sources for the core OS to which you could add your internal or preferred partners (e.g. Adobe in many companies). Literally millions of systems wouldn’t have been compromised because they had unpatched apps. If they’d had a curated list of responsible vendors, multiple generations of people wouldn’t have been trained that it’s normal to run installers because a web page told you so.
The problem is that this needs strong regulation to prevent it from turning into a payola marketing scam where vendors have to pay for placement.
It doesn't make sense to have one package manager for paid software and another for free software, so both types of software would be available in the same "store", with the unfortunate consequence that you need to log in with a Microsoft account in order to get free software.
But if I only used free software, I wouldn't even be using Windows.
Yeah enough to run MS Windows in a VM, with services that mess with Windows Update and modified Group Policy.
I do install as most things as possible with the MSYS2 package manager.
> Suppose, for example, that they caught up to where Debian was 30 years ago and Windows shipped with a default list of sources for the core OS to which you could add your internal or preferred partners (e.g. Adobe in many companies). Literally millions of systems wouldn’t have been compromised because they had unpatched apps. If they’d had a curated list of responsible vendors, multiple generations of people wouldn’t have been trained that it’s normal to run installers because a web page told you so.
The issue is that Microsoft is already forcing a lot on its "users", if only installing things from the OS store becomes commonplace, then I think MS Windows will end up like iOS and that is way worse (for me).