[Package Issue]: ranpha.LavFiltersMegamix Unofficial package released

[lvzhenbo]

Please confirm these before moving forward

• I have searched for my issue and not found a work-in-progress/duplicate/resolved issue.
• I have not been informed if the issue is resolved in a preview version of the winget client.

Category of the issue

Other

Brief description of your issue

The new version of this package, 0.77.1.2, is not an official release, it was repackaged by a third party. The official code repository and version release is here https://github.com/Nevcairiel/LAVFilters

Steps to reproduce

winget upgrade ranpha.LavFiltersMegamix

Actual behavior

Installed third-party published packages

Expected behavior

This version should not have appeared

Environment

PS C:\Users\asus> winget --info
Windows 程序包管理器(预览) v1.5.101-preview
版权所有 (C) Microsoft Corporation。保留所有权利。

Windows: Windows.Desktop v10.0.22621.1194
系统体系结构: X64
软件包: Microsoft.DesktopAppInstaller v1.20.101.0

日志: %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\DiagOutputDir

用户设置: %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\settings.json

链接
----------------------------------------------------------------------------
隐私声明             https://aka.ms/winget-privacy
许可协议             https://aka.ms/winget-license
第三方声明           https://aka.ms/winget-3rdPartyNotice
主页                 https://aka.ms/winget
Windows 应用商店条款 https://www.microsoft.com/en-us/storedocs/terms-of-sale

### Screenshots and Logs

_No response_

[iDolmatov]

PS C:> winget search "lav filters"

LAV Filters Nevcairiel.LAVFilters 0.77.1 winget
LAV Filters 0.77.1-1 ranpha.LavFiltersMegamix 0.77.1.2 Tag: LAV Filters winget

I agree that the second added package is harmful. In addition, it includes third-party software that is not related to codecs. For example, installs PotPlayer with file associations changed.
I would classify this as malicious behavior.

[Semidio]

If user have already installed the software bundled with it, such as Potplayer, madVR etc. This ranpha.LavFiltersMegamix package will also overwrite user's custom settings.

[iDolmatov]

Another reason to remove this package from the catalog.
Official version LAV Filters 0.77.1 (released 2022/11/15)
https://1f0.de/lav-splitter/
-> GitHub Project
-> https://forum.doom9.org/showthread.php?t=156191
The "megamix" package from the "anime" site has a higher version. It must be based on nightly builds.
-> https://files.1f0.de/lavf/nightly/

The use of test builds without the desire to use should not exist.

[KrazyDeinos]

ranpha.LavFiltersMegamix should not be associated with LAV Filters in ANY WAY! It includes way more applications and breaks settings for users already using these applications or do NOT want it.
winget upgrade --all screwes this up if one is not careful.

Is there a way to remove/blacklist a source for a specific package? Before the pin command is implemented.