CPMR0034 - Use of SourceForge (script)

WARNING

This rule has been marked as a Guideline

Guidelines are strong suggestions that improve the quality of a package version. They are considered something to fix next time to increase the quality of the package. Over time, Guidelines can become Requirements. A package version can be approved without addressing Guideline comments, but leaving them unaddressed will reduce the quality of the package.

Issue

In an automation script (.ps1/.psm1), SourceForge was found in use for downloading software. Using SourceForge is not recommended if an alternative, official distribution location is available. Unfortunately, some software is only available on SourceForge, so this is a Guideline and not a Requirement.

NOTE

You may not be able to change this and this is okay.

NOTE

The search can also hit a false positive if it finds any of the following words in your automation scripts (ps1/psm1):

  • sourceforge

Please find another official distribution point to download from if there is one.
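
To see what this rule will hit before submitting, a package can be checked locally. The following is an added example, not the validator's own code: it searches a package's .ps1/.psm1 files for the word and labels each hit as a download URL or an incidental mention (the false-positive case from the note above). The function name, parameter name, temporary folder and sample URL are assumptions made for the example.

```powershell
# Added example, not the validator's code. Lists 'sourceforge' hits in package
# automation scripts and separates download URLs from incidental mentions.
function Find-SourceForgeReference {
    [CmdletBinding()]
    param(
        # Root folder of the unpacked package (hypothetical parameter name).
        [Parameter(Mandatory)] [string] $PackagePath
    )

    # Only automation scripts (.ps1/.psm1) are in scope for this rule.
    $scripts = Get-ChildItem -Path $PackagePath -Recurse -File |
        Where-Object { $_.Extension -in '.ps1', '.psm1' }

    foreach ($script in $scripts) {
        # Select-String matches case-insensitively by default.
        Select-String -Path $script.FullName -Pattern 'sourceforge' | ForEach-Object {
            $line = $_.Line.Trim()
            # A hit inside an http(s) URL is a real download reference; a hit in a
            # comment or other text is an incidental mention.
            $kind = if ($line -match 'https?://[^\s''"]*sourceforge') {
                'DownloadUrl'
            } elseif ($line -match '^#') {
                'Comment'
            } else {
                'OtherText'
            }
            [pscustomobject]@{
                File       = $script.Name
                LineNumber = $_.LineNumber
                Kind       = $kind
                Text       = $line
            }
        }
    }
}

# Constructed sample package script, written to a temp folder for the demo.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'cpmr0034-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
# mirror used to be on sourceforge
$url = 'https://downloads.sourceforge.net/project/example/example-1.0.exe'
'@ | Set-Content -Path (Join-Path $demo 'chocolateyInstall.ps1')

Find-SourceForgeReference -PackagePath $demo | Format-Table -AutoSize
```

Lines reported as DownloadUrl are the ones to replace with an official distribution point where one exists.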

Reasoning

We’ve found that SourceForge has had some practices in recent times that are at odds with how we want to get software installed (malware free). Usually, software installed silently doesn’t also try to install crapware on a machine. This is not always so with the SourceForge wrapper that comes along with some of these downloads.