Please resolve these to allow this package to be approved:
tools\VERIFICATION.txt
should contain instructions on how the user can independently verify that the embedded file is the same as available for download from the original site.tools\LICENSE.txt
should contain the text of the software license. This must also permit redistribution for the software to be embedded in the package.- Remove
tools\chocolateybeforemodify.ps1
as it isn't being used - Remove
tools\LICENSE.txt
andtools\VERIFICATION.txt
as they are only required when embedding files in the package - If you are the software author, please confirm that via a comment here. Alternatively, if you are not the software author, put your own name in the
owners
field. - Remove the file
ReadMe.md
- Remove the file
update.ps1
- Add minimum version numbers for package dependencies
- Run the PowerShell code to remove comments from scripts
- Include a checksum in chocolateyInstall.ps1
- Add a
summary
field - A high VirusTotal detection score needs to be investigated, for example checking with the software author. Hopefully it is a false positive, but even open source software is not immune. eg. a 'supply chain' attack could compromise an otherwise innocent application. If the total remains in the range 5-10, then you will need to append a note to the description indicating why there are false positive results for this package.
- A high VirusTotal detection score needs to be investigated, for example checking with the software author. Hopefully it is a false positive, but even open source software is not immune. eg. a 'supply chain' attack could compromise an otherwise innocent application. Totals greater than 10 mean a package cannot be approved or exempted. If the total is reduced to the range 5-10, then you will need to append a note to the description indicating why there are false positive results for this package.
- When embedding software with the package, the software license must explicitly allow software redistribution. Either change the package to download the software (instead of embedding it), or contact the sofware author and get written permission to distribute the software via Chocolatey, or for them to alter the license. This permission should be appended to the LICENSE.txt file for reference.
Also, if possible:
- Add
packageSourceUrl
to point to where the package source resides - If not done already, see if you can add one or more of
docsUrl
,mailingListUrl
,bugTrackerUrl
and/orprojectSourceUrl
with appropriate links.
thanks, David
Remove this one.