Skip to content

Default source certificate updates shouldn't require an update to the WinGet Client #6030

New issue
New issue
Open
Feature
Open
Default source certificate updates shouldn't require an update to the WinGet Client#6030
Feature
Labels
Issue-FeatureThis is a feature request for the Windows Package Manager client.
@denelon

Description

@denelon
denelon
opened on Feb 5, 2026

Relevant area(s)

WinGet CLI

Description of the new feature / enhancement

The Microsoft Store "msstore" source in WinGet leverages certificate pinning to avoid MITM (Man In The Middle) types of attack vectors. The certificate information is currently "hard coded" in the WinGet client. This leads to non-functioning clients on earlier releases of Windows (before the client is updated).

There should be a different mechanism to enable WinGet to safely and securely receive updated certificate information so in the future, earlier clients (with support for this) can function and install packages from the "msstore" (or any other default source in the future) source.

Proposed technical implementation details

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Issue-FeatureThis is a feature request for the Windows Package Manager client.

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions