Squirrel VS open_safety

I never had much luck with ClickOnce, so I was using Squirrel.Windows. I've recently switched to the Clowd.Squirrel fork, since I needed support for AzureSignTool in the build process.

As soon as Office 2007 didn't use MSI the format was doomed.

I assume the Here in NIH refers to an individual team, not MS as a whole.

Teams is entirely NIH https://github.com/Squirrel/Squirrel.Windows for updates to the Electron app.

I would use winget, but MS made it weirdly hard to run as a script on multiple computers, it installs per user, because... who knows.

So still using chocolatey

Back in the day, wasn't Discord installed using Squirrel?

Originally, we used to use Squirrel.Windows for our internal applications but we had a few issues with it before we finally dropped it.

The most viable option with the path of least resistance would be Squirrel.Windows as it is both and installer and updater but has some caveats (SemVer pattern must be followed).

Maybe someone has a better ide, but this is one of many reasons why I'm trying to get all our old ClickOnce installers migrated to something else (I've heard good things about Squirrel.

Electron does have auto-update built in (Squirrel), but it comes with severe non-price related caveats. Squirrel is only intermittently maintained and goes through long periods in which the different versions are abandoned (see for Windows, macOS). People have requested a switch to Sparkle on macOS, which is what Conveyor uses, but with no response. There's also the issue that their update solutions require interactive servers but the only free one is restricted to open source projects, and isn't itself open source. The Electron website points you towards a variety of projects if you want to run your own server but all of them are (again) abandoned for years.

We replaced clickonce with https://github.com/Squirrel/Squirrel.Windows and are generally happy with the choice

Discord in the Task Manager can sometimes show up as "Update", made by GitHub, because Discord uses a program, that GitHub / their devs were/are involved with making, to update the app, and some kind of bug happens that means it doesn't display as 'Discord'.

Malware delivered as an email with a link to a zip file containing a .js file is one of the most common methods of delivery, right behind word macros. The "map the .js extension to notepad.exe" is a common security trick with a measurable, immediate drop in malware in large orgs. You can deploy it via GPO or InTune.

Personal promotion, I built this as a better alternative:

https://github.com/technion/open_safety

Note the built in .js parser hasn't basically ever updated, if you're writing for this you're writing like you're targetting IE5.

Allow me to reference my own workaround for those vectors:

https://github.com/technion/open_safety

https://github.com/technion/open_safety

The time I've spent on the Github actions is substantively higher than the time I've spent on the .rs files. Of course you can't "test actions before commit" in the way you can actual code, so I kept having to make branches, make 15 commits like "try action fix again", followed by squashing them all down and merging.