(2019-10-05, 13:08)DarrenHill Wrote: There is a Windows Updater addon in the official repo (Kodi Windows Installer in the programs section) which makes the non-store one simple to keep updated.
I am always concerned about updater "addons", even integrated updaters unless they come from a vendor with strong security background. It's so often we get updaters using http instead of https, or even https but without checking the certificate is legit... allowing for such an easy spoofing of the update server. And then, the updater often doesn't verify the update binary is signed... or it takes unauthenticated data (even metadata) from the update server without checking it, which could contain buffer overflows, stack overflows or similar issues, then it asks for administrative rights to install the update binary...
So for me, no way I'm going to use an updater as an "addon". Even if the addon is legit (it probably is if it is in the official repo), so not malicious in itself, I definitely have no reason to think it is _robust_ against spoofing and other attacks.
Microsoft Store on the other hand, only accepts binaries from the actual Kodi team and pushes them through a security-validated and security-maintained mechanism. And does that automatically, transparently for me.
-> I really love that Kodi is available on Microsoft Store and I only want to use that version! It surely doesn't solve any bug / security issue there might be in actual Kodi product, but at least gets the update situation mostly sorted out.