Well just after three years of having https://chocolatey.org, we’ve finally implemented package moderation. It’s actually quite a huge step forward. This means that when packages are submitted, they will be reviewed and signed off by a moderator before they are allowed to show up and be used by the general public.
What This Means for You Package Consumers
- Higher quality packages – we are working to ensure by the time a package is live, moderators have given feedback to maintainers and fixes have been added.
- More appropriate packages – packages that are not really relevant to Chocolatey’s community feed will not be approved.
- More trust – packages are now reviewed for safety and completeness by a small set of trusted moderators before they are live.
- Reviewing existing packages – All pre-existing packages will be reviewed and duplicates will be phased out.
- Not Reviewed Warning – Packages that are pre-existing that have not been reviewed will have a warning on chocolatey.org. Since this is considered temporary while we are working through moderation of older packages, we didn’t see a need to add a switch to existing choco.
Existing packages that have not been moderated yet will have a warning posted on the package page that looks like
Packages that have been moderated will have a nice message on the package page that looks like
If the package is rejected, the maintainer will see a message, but no one else will see or be able to install the package.
You should also keep the following in mind:
- We are not going to moderate prerelease versions of a package as they are not on the stable feed.
- We are likely only moderating the current version of a package. If you feel older versions should be reviewed, please let us know through contact site admins on the package page.
- Chocolatey is not going to give you any indication of whether a package is approved or not. We expect this to be temporary while we review all existing packages, so we didn’t see much benefit to the amount of work involved to bring it to the choco client in its current implementation.
What This Means for Package Maintainers
- Guidelines – Please make sure you are following packages guidelines outlined at https://github.com/chocolatey/chocolatey/wiki/createpackages – this is how moderators will evaluate packages
- Re-push same version – While a package is under review you can continually push up that same version with fixes
- Email – Expect email communication for moderation – if your email is out of date or you never receive email from chocolatey, ensure it is not going to the spam folder. We will give up to two weeks before we reject a package for non-responsive maintainers. It’s likely we will then review every version of that package as well.
- Learning about new features – during moderation you may learn about new things you haven’t known before.
- Pre-existing – We are going to be very generous for pre-existing packages. We will start communicating things that will need to be corrected the first time we accept a package, the second update will need to have those items corrected.
- Push gives no indication of moderation – Choco vCurrent gives no indication that a package went under review. We are going to put out a point release with that message and a couple of small fixes.
Moderation Means a Long Term Future
We are making investments into the long term viability of Chocolatey. These improvements we are making are showing you that your support of the Chocolatey Kickstarter and the future of Chocolatey is a real thing. If you haven’t heard about the kickstarter yet, take a look at https://www.kickstarter.com/projects/ferventcoder/chocolatey-the-alternative-windows-store-like-yum.