Is Automating App Packaging for a Private Winget Repository a Good Idea?

By
Chris Evans
-
0
5
Asked By CuriousCoder42 On

Hey everyone,

I'm a product manager focused on software deployment automation, and I want to gather some real-world insights. With Winget gaining traction as a standard for app management, using the public repository for enterprise deployments can lead to security and compliance issues due to lack of control, unpredictable updates, and the absence of custom configurations.

We're exploring the concept of an automation engine that packages applications with custom configurations and uploads them exclusively to a Private Winget Repository. This would allow Winget to remain the deployment tool on the endpoints, but all packages would be solely private.

The plan is to offer two deployment modes:

1. **Hosted by us**: We manage a private repository that you can use for app deployments.
2. **Customer-hosted**: We deliver automated packages to a private repository set up in your environment.

I'm curious about your experiences:
- Are you currently having issues managing Winget sources, or is it low on your priority list?
- Would you be comfortable using a service for automation in packaging and feeding it to your private repo, or do you prefer the manual approach?
- For those who are already utilizing Winget in enterprise settings, what challenges are you encountering right now?

I'd appreciate any honest feedback, even if it means saying this idea won't work! Thanks!

4 Answers

Answered By NexusGuru22 On

Setting up a private NuGet repository on platforms like Nexus OSS or JFrog Artifactory has been super beneficial for us. We can ensure no unexpected executable files sneak in, letting us test and stage updates before deployment. Might be something to consider even with your automation idea.

Answered By ProDevOpsMaster On

It's great to see Winget being recognized, but I’m not sure it’s ready to be the mainstay for large enterprises. 🤔 I'm still stuck splitting my deployments between various tools to get the job done efficiently.

Answered By SkepticalSam On

If someone else is managing the service that pushes into a private repo, how can it truly be considered ‘private’? You might want to think that through because that could really affect your control over updates and security.

Answered By DevOpsDude99 On

I’ve dabbled with Winget for smaller app installations, but trying to deploy apps across a company network has been a nightmare. It seems to struggle under mass deployment scenarios, so I usually default to other tools that handle large-scale rollouts better. I'm not convinced Winget is up to the task for serious use in enterprises yet.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.