Why should the update procedure for an application be handled by the application itself rather than a package manager? Let app devs focus on their app and repository maintainers on update manifests.
Well, in this case I think it’s a remnant of n++ predating any package manager on windows. I do think that an embedded self-updater is better than having to download a new version through the browser.
It wasn’t entirely clear to me if the compromise effects those of us who installed it though scoop/winget, as the package manager should pull directly from the correct source, so the compromised updater shouldnt matter. Reinstalled to be sure.
This is it exactly. When I was using Npp, Windows didn’t have anything resembling a package manager. Does it even really have one now?
I mean kinda. You have to use both WinGet and Scoop to cover all the use cases…
There’s also Chocolatey but I don’t know if that gets used anymore.
When I first installed N++, none of these were a thing yet though. It was just the MSI installer.
I would say chocolatey and scoop are pretty much interchangeable. I don’t remember why I landed on scoop. Agreed that until recently there have been no package managers on Windows whatsoever.
Fuck. I haven’t used Npp in a long time, but that’s awful. Glad they were able to get it fixed and their transparency is to be highly commended. But damn does it make me worry about other projects. Npp isn’t exactly obscure, but it’s also not exactly a massive target either.