VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users… For now, iOS App Store still allows us to ship for iOS9, but until when?

    • massivefailure@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      9 months ago

      How about winget or the other commandline package managers? winget does have VLC according to winget-pkgs. This is the kind of “stores” we need, ones that emulate Linux repositories instead of locked down smartphone garbage.

      • delirious_owl@discuss.online
        link
        fedilink
        arrow-up
        0
        ·
        9 months ago

        Thats not secure. Isn’t the pount of the Windows Store that packages are signed by developers and verified when downloaded?

        • TWeaK@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          9 months ago

          Pretty sure they’re signed by Microsoft instead? At least that’s what other app stores do.

          It’s all a game of shifting the point of trust around. Personally, I’d trust most small time developers more than the likes of Microsoft and Google, however I’d trust Fdroid more than unknown developers (but still go direct to the developers I do trust).

          • delirious_owl@discuss.online
            link
            fedilink
            arrow-up
            0
            ·
            9 months ago

            The good ones are signed by the devs, otherwise there’s a risk of malicious modifications at upload or on the publishing infrastructure. This is how Maven works. All packages MUST be signed with PGP by the devs.

            Apt isn’t signed by the devs but its signed by the package maintainers, whose job it is to verify the packages that they prepare (devs can’t upload software in Debian)

        • 4am@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          9 months ago

          No, the point of the windows store is that Microsoft gets more control over your machine.

          Code downloaded from websites can still be (and is) signed; when it’s not you get that box where you have to click “Run Anyway”

        • possibly a cat@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          9 months ago

          I think the point of the Windows store is to coerce developers into either using the Visual Studio environment and beta testing new package formats, or paying MS a fee to get a signed certificate.

          • masterspace@lemmy.ca
            link
            fedilink
            English
            arrow-up
            0
            ·
            9 months ago

            Come on man, every single software developer in existence uses package managers. It should not be complicated to understand the point of the store.

          • dev_null@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            9 months ago

            You can pay a one time fee if $25 to get Microsoft to sign your app on the Microsoft store, or you can pay $400+ per year to buy your own certificate. So Microsoft Store is sadly the cheap way to release apps on Windows. (Without users getting scary warnings from Windows and AV about installing unsigned aoftware)

            • possibly a cat@lemmy.ml
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              9 months ago

              Right. My memory is a bit hazy (I don’t use the store). What I was trying to address was the revenue funnel they built around the environment. MS still gets a cut of the $400 certs, right?

              The UX of the scary warning is to make the user feel safe installing signed software in comparison, but there is no guarantee that a signed app does not contain an exploit. It’s an abuse of people’s misunderstandings of security, for profit and user share.

              Maybe I should have worked through my thoughts a little more before posting, but hopefully this clarifies my sentiment. And like I said, I don’t use the store at all, so if I still have some inaccuracies then I welcome corrections.

              • dev_null@lemmy.ml
                link
                fedilink
                arrow-up
                0
                ·
                9 months ago

                The certs are sold by certificate authority companies, and Microsoft doesn’t get a share of that, though I’m not sure.

                Yeah, software being signed says nothing about it not being malicious or insecure, but it does prove the author is what it says, and if it is malicious then the responsible party is clearly visible.

                For non-commercial hobby/open-source software the certificate price is prohibitive, so the only 2 options are Microsoft Store or accepting that users will see the scary warnings, and of course complain to the developer about it.