CPMR0034 - Use of SourceForge (script)
CPMR0034 - Use of SourceForge (script)
WARNING
This rule has been marked as a Guideline
Guidelines are strong suggestions that improve the quality of a package version. These are considered something to fix for next time to increase the quality of the package. Over time Guidelines can become Requirements. A package version can be approved without addressing Guideline comments but will reduce the quality of the package.
Issue
In an automation script (.ps1
/.psm1
), the use of sourceforge was found for downloading software. It is not recommended to use SourceForge if an alternative, official distribution location is available. Unfortunately, some software is only available on SourceForge so this is a Guideline and not a Requirement.
NOTE
You may not be able to change this and this is okay.
NOTE
The search can also hit a false positive if it finds any of the following words in your automation scripts (
ps1
/psm1
):
- sourceforge
Recommended Solution
Please find another official distribution point to download from if there is one.
Reasoning
We’ve found that SourceForge has had some practices in recent times that are at odds with how we want to get software installed (malware free). Usually when installing silently, software doesn’t also try to install crapware on a machine. This is not always so with the sourceforge wrapper that comes along with some of these downloads.