• Package with "wrong" homepage

    From Davide Prina@21:1/5 to All on Mon Mar 8 21:20:01 2021
    Hi,

    I will try to propose a new check to improve Debian Quality :-)

    I'm using repology (https://repology.org) to report packages whose home
    page does not work anymore and where I found a possible new home page.
    But a lot of what I'm doing can be automated.

    When upstream abandons a home page, the Debian link can be used:
    * by attackers to build a fake home page
    * by a person who registers the old home page to get a lot of referrals
    from a lot of GNU/Linux distros, for something totally different
    * ...

    but also, if upstream changes to a new one, this can cause:
    * outdated software in the repository
    * software based on outdated libraries
    * software that seems not to be maintained upstream
    * software removed from the Debian repository for the previous reasons
    when, probably, the new upstream has the solution to all these problems.

    For example, for Debian testing, you can see what packages have home
    page problems:
    https://repology.org/repository/debian_testing/problems

    most point to the http URI that is redirected to the https one, but a
    lot do not respond anymore or have other problems (for example they point
    to a repository that is no longer maintained, for example Google Code;
    there are also some cases where not all of the certificate chain is
    validated, or similar issues).

    If you open the repology detail for a package you can see which distros
    are using it and with which version (note: I see that sometimes different
    distros use the same package name for different upstream software):
    https://repology.org/project/jansi-native/versions

    and if you go to the information tab https://repology.org/project/jansi-native/information

    you can see in the "Homepage links" section which home page link all the
    distros are using; where a number is in green, that URI is working and
    must be checked to know if it is the new home page of that Debian package.

    So, for example, in PTS (or in a bug report) the following can be
    reported to the DD:
    1) that the package home page has some problem
    2) a possible solution (in the repology page above)

    For all packages for which there isn't a possible solution, a list can
    be created (in the wiki, for example) to ask users for help in finding
    whether there is a new home page.

    I hope this can be a good suggestion for the QA team.

    I think that repology can also be used for other checks.

    Ciao
    Davide

    --
    What happened in 2013 couldn't have happened without free software
    (He credited free software for his ability to help disclose the U.S. government's far-reaching surveillance projects).
    Edward Snowden

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
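
The triage proposed in the post above, sketched as an added example (not code from the thread, Repology, duck or lintian-brush): it sorts Homepage URLs into the problem classes the post lists and proposes a candidate link for a human to verify. The probe-result shape, the category names, the error labels "dns" and "tls", and all package names and URLs are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Hosting services that no longer exist; the thread names Google Code.
DEFUNCT_HOSTS = {"code.google.com"}

def classify(url, probe):
    """Map one Homepage URL plus its probe result to a problem category."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in DEFUNCT_HOSTS:
        return "defunct-hosting"
    error = probe.get("error")
    if error:  # "dns": the name no longer resolves and may be re-registered
        return {"dns": "domain-gone", "tls": "tls-chain-invalid"}.get(error, "no-response")
    status, location = probe.get("status"), probe.get("location")
    if status in (301, 302, 307, 308) and location:
        target = urlsplit(location)
        same_page = ((target.hostname or "").lower() == host
                     and target.path.rstrip("/") == parts.path.rstrip("/"))
        if parts.scheme == "http" and target.scheme == "https" and same_page:
            return "http-to-https"
        return "redirect-elsewhere"
    return "http-error" if status and status >= 400 else "ok"

def suggest(debian_url, other_links):
    """Working link used by the most other distros: a candidate for review only."""
    votes = Counter(u for u, working in other_links if working and u != debian_url)
    return votes.most_common(1)[0][0] if votes else None

def triage(packages):
    """Return (package, problem, candidate) for every Homepage needing attention."""
    report = []
    for name, url, probe, other_links in packages:
        problem = classify(url, probe)
        if problem == "http-to-https":
            report.append((name, problem, "https://" + url[len("http://"):]))
        elif problem != "ok":
            report.append((name, problem, suggest(url, other_links)))
    return report

# Constructed sample: (package, Debian Homepage, probe result, [(link, working)] per distro)
SAMPLE = [
    ("pkg-a", "http://a.example.org/", {"status": 301, "location": "https://a.example.org/"}, []),
    ("pkg-b", "http://b.example.net/proj", {"error": "dns"},
     [("https://b.example.com/proj", True)] * 2 + [("http://b.example.net/proj", False)]),
    ("pkg-c", "https://code.google.com/p/c", {"status": 404}, []),
    ("pkg-d", "https://d.example.org/", {"status": 200}, []),
]
print(triage(SAMPLE))
```

A "domain-gone" result is the case the post warns about, and the candidate from `suggest` is only a lead: a link that responds can itself be a re-registered domain, so it still has to be checked by a person.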
  • From Baptiste Beauplat@21:1/5 to All on Mon Mar 8 22:30:02 2021
    On 2021/03/08 08:25 PM, Jelmer Vernooij wrote:
    > The Debian Janitor (through lintian-brush/upstream-ontologist) looks
    > at repology (as well as other data sources) to determine the Homepage
    > field for Debian packages where it is missing.
    >
    > Today, janitor/lintian-brush only sets the homepage field when it
    > is not set - it doesn't remove the homepage field when it is missing.
    > I was hoping to rely on duck (https://duck.debian.net/) to detect when
    > the Homepage field has gone bad, but it looks like duck is no longer
    > maintained :(

    While the website is indeed down, one can still use duck as a standalone
    program to highlight dead URLs in a source package. Granted, this is
    not helping an archive-wide QA check.

    There was some talk about reviving duck.debian.net as part of
    distro-tracker [1][2]; unfortunately, I haven't managed to free enough time
    to start working on it (being busy on other projects ATM).

    [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963887
    [2]: https://salsa.debian.org/qa/distro-tracker/-/issues/51
    --
    Baptiste Beauplat - lyknode

  • From Jelmer Vernooĳ@21:1/5 to Davide Prina on Mon Mar 8 21:40:02 2021
    The Debian Janitor (through lintian-brush/upstream-ontologist) looks
    at repology (as well as other data sources) to determine the Homepage field
    for Debian packages where it is missing.

    Today, janitor/lintian-brush only sets the homepage field when it
    is not set - it doesn't remove the homepage field when it is missing.
    I was hoping to rely on duck (https://duck.debian.net/) to detect when
    the Homepage field has gone bad, but it looks like duck is no longer
    maintained :(

    Jelmer

  • From Paul Wise@21:1/5 to All on Tue Mar 9 06:50:02 2021
    On Mon, Mar 8, 2021 at 8:17 PM Davide Prina wrote:

    > So, for example, in PTS (or in a bug report) can be reported to the DD:
    > 1) that the package home page has some problem
    > 2) a possible solution (in the repology page above)

    There is already a bug report about this. In short, this isn't
    possible yet because Repology does not have a way to export and link
    to data about the URL problems it found on a per-distro basis. When my
    distro URLs branch got rewritten by upstream and merged, they did not
    merge the support for per-distro per-package problems pages.

    https://bugs.debian.org/898031
    https://github.com/repology/repology-updater/pull/615
    https://github.com/repology/repology-updater/pull/624
    https://github.com/repology/repology-webapp/issues/66
    https://github.com/pabs3/repology-webapp/tree/superseded/package-urls

    There is another bug about adding a link to the Repology
    packages/versions pages, I've already done the packages page part of
    that, see the "Other distros" link on your Debian Package Tracker
    pages. The versions part needs someone who knows Django better than I
    do to complete it.

    https://bugs.debian.org/955335

    --
    bye,
    pabs

    https://wiki.debian.org/PaulWise
