I looked at chocolatey a few years back and decided I didn't like installing anonymously packaged software on my machine.
Recently my team started using it for cloud formation app deployment and I see it has reviewed and approved packages now.
I was also under the misaprehension that chocolatey packages contained binaries but they typically download from the software makers site at install time - so no binary interference to inject nasties by package authors.
Have to say I'm impressed with the updates to security and will look into using it privately as a result.
Recently my team started using it for cloud formation app deployment and I see it has reviewed and approved packages now.
I was also under the misaprehension that chocolatey packages contained binaries but they typically download from the software makers site at install time - so no binary interference to inject nasties by package authors.
Have to say I'm impressed with the updates to security and will look into using it privately as a result.
Thanks for your work!