
Just to follow on from what others have said, I'll explain the process a package goes through.

As /u/Delbo圓g said, packages are generally created and maintained by volunteers. There are other packages maintained by the vendors as well, as part of their release process or as a separate package submission process.

When a package is submitted it goes through 4 stages:

When a package is submitted, the metadata (the .nuspec file) is checked to ensure it has the correct fields and those fields that have URLs are valid. It also checks that, if you are embedding binaries in the package, the correct verification and licence files are included.

Once a package passes validation it goes through verification. The package is installed and uninstalled in a sandbox to make sure it 'works' silently and without interaction. It's at this stage that the checksums are also validated as part of that process.

The package 'output' is submitted to VirusTotal, where it is scanned against 60 - 70 AV engines. When I say 'output' above I mean whatever is installed by the package. So let's say the package installs some software that has a bunch of DLLs, EXEs and other files. Those files will be uploaded to VirusTotal along with the setup EXE.

Currently, a moderator (at the next stage) verifies these results and acts accordingly. Soon this will be automated and the maintainer will receive an email when a limit on the detections is reached.
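The metadata check described in the comment above, sketched as an added example (not part of the original comment and not the project's own validator). The required-field list, the URL field list and the offline, syntax-only URL test are assumptions; the comment does not say which fields are checked or how URLs are tested.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumed for illustration: the comment does not list the fields that are checked.
REQUIRED_FIELDS = ("id", "version", "authors", "description")
URL_FIELDS = ("projectUrl", "licenseUrl", "iconUrl", "packageSourceUrl")

def local_name(tag):
    """Strip the XML namespace so any nuspec schema version is accepted."""
    return tag.rsplit("}", 1)[-1]

def is_http_url(value):
    """Syntax-only check: http(s) scheme and a host. No network access."""
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def validate_nuspec(xml_text):
    """Return a list of problems found in the nuspec <metadata> element."""
    if "<!DOCTYPE" in xml_text:  # untrusted input: refuse DTDs and entity tricks
        return ["DOCTYPE declarations are not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    metadata = next((e for e in root if local_name(e.tag) == "metadata"), None)
    if metadata is None:
        return ["missing <metadata> element"]
    fields = {local_name(e.tag): (e.text or "").strip() for e in metadata}
    problems = [f"missing or empty field: {name}"
                for name in REQUIRED_FIELDS if not fields.get(name)]
    for name in URL_FIELDS:  # URL fields are optional; only present ones are checked
        if fields.get(name) and not is_http_url(fields[name]):
            problems.append(f"invalid URL in {name}: {fields[name]!r}")
    return problems

# Constructed sample metadata (not a real package).
SAMPLE = """<?xml version="1.0"?>
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
  <metadata>
    <id>example-tool</id>
    <version>1.2.3</version>
    <authors>Example Vendor</authors>
    <projectUrl>https://example.com/tool</projectUrl>
    <licenseUrl>example.com/license</licenseUrl>
    <iconUrl>ftp://example.com/icon.png</iconUrl>
  </metadata>
</package>"""

if __name__ == "__main__":
    print("\n".join(validate_nuspec(SAMPLE)))
```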
