From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 10 13:17:19 2022 Received: (at 53818) by debbugs.gnu.org; 10 Feb 2022 18:17:19 +0000 Received: from localhost ([127.0.0.1]:57101 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nIE0N-00057o-7K for submit@debbugs.gnu.org; Thu, 10 Feb 2022 13:17:19 -0500 Received: from h178-251-242-94.cust.a3fiber.se ([178.251.242.94]:50962 helo=mail.yoctocell.xyz) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nIE0K-00057W-V3 for 53818@debbugs.gnu.org; Thu, 10 Feb 2022 13:17:18 -0500 From: Xinglu Chen DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yoctocell.xyz; s=mail; t=1644517030; bh=pRUlGVDUq6R2I9sLOfNUz5iwamgL1F6tPwO/7dAQMxU=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=TKPa8MkWmLypPo+9caWEvQCfwg4thzaJULZ7lxy7usGHt8Dx8DBGdyvZkS2BuCoP2 KKzBmy6B5hXhtmPJZhV4sJhYwBklIluLffuzCf6zlZYP6P0ksHBd9avlWzPoz02HwR SqV0ydXxvjiql9x+ej/GCChzY9BB0siqegaUZT+c= To: Nicolas Goaziou Subject: Re: [bug#53818] [PATCH 0/3] Add Repology updater In-Reply-To: <87k0e4w1to.fsf@nicolasgoaziou.fr> References: <87pmnx7ynw.fsf@gnu.org> <87y22kxkv3.fsf@yoctocell.xyz> <87k0e4w1to.fsf@nicolasgoaziou.fr> Date: Thu, 10 Feb 2022 19:17:09 +0100 Message-ID: <87bkzewpqy.fsf@yoctocell.xyz> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 2.5 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Nicolas schrieb am Mittwoch der 09. Februar 2022 um 15:29 +01: > Hello, > > Xinglu Chen writes: > >> The point of the Repology updater is to act as a fallback if none of >> the other updaters can update a package, e.g., ‘maven-dependency- [...] Content analysis details: (2.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 1.6 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: yoctocell.xyz (xyz)] 0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.5 FROM_SUSPICIOUS_NTLD From abused NTLD -0.0 T_SCC_BODY_TEXT_LINE No description available. 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps X-Debbugs-Envelope-To: 53818 Cc: 53818@debbugs.gnu.org, Ludovic =?utf-8?Q?Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 2.5 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Nicolas schrieb am Mittwoch der 09. Februar 2022 um 15:29 +01: > Hello, > > Xinglu Chen writes: > >> The point of the Repology updater is to act as a fallback if none of >> the other updaters can update a package, e.g., ‘maven-dependency- [...] Content analysis details: (2.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 1.6 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: yoctocell.xyz (xyz)] 0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 1.0 BULK_RE_SUSP_NTLD Precedence bulk and RE: from a suspicious TLD 0.5 FROM_SUSPICIOUS_NTLD From abused NTLD -0.0 T_SCC_BODY_TEXT_LINE No description available. -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Nicolas schrieb am Mittwoch der 09. Februar 2022 um 15:29 +01: > Hello, > > Xinglu Chen writes: > >> The point of the Repology updater is to act as a fallback if none of >> the other updaters can update a package, e.g., =E2=80=98maven-dependency= -tree=E2=80=99. >> I already mentioned that language-specific updaters usually provide more >> accurate and detailed information, so they should be used when possible; >> we aren=E2=80=99t losing anything here. > > One issue is that such an updater will introduce frequent false > positives. It is common for Repology to get the latest release wrong, > because some distribution is doing fancy versioning, or because > different distributions disagree about what is upstream. Yeah, I have noticed that it sometimes thinks that a version like =E2=80=9C20080323=E2=80=9D is newer than something like =E2=80=9C0.1.2-0.a1= b2b3d=E2=80=9D, even though it might not necessarily be true. This seems to be the case for a lot of Common Lisp packages which usually don=E2=80=99t have any proper release= s. > I don't think we can rely on Repology's "newest" status. The updater may > need to provide its own version comparison tool, because Repology's tool > and Guix versioning do not play nice, in particular when using > `git-version'. In my testing, the =E2=80=9Cnewest=E2=80=9D status does a pretty good job (= besides the problem I mentioned above) Some other =E2=80=9Cbad=E2=80=9D updates I found[*] are listed below (exclu= ding Common Lisp packages). =2D-8<---------------cut here---------------start------------->8--- guile-ac-d-bus would be upgraded from 1.0.0-beta.0 to 1.0.0-beta0 sic would be upgraded from 1.2 to 1.2+20210506_058547e tla2tools would be upgraded from 1.7.1-0.6932e19 to 20140313 quickjs would be upgraded from 2021-03-27 to 2021.03.27 stow would be upgraded from 2.3.1 to 2.3.1+5.32 cube would be upgraded from 4.3.5 to 2005.08.29 python-ratelimiter would be upgraded from 1.2.0 to 1.2.0.post0 gr-osmosdr would be upgraded from 0.2.3-0.a100eb0 to 0.2.3.20210128 countdown would be upgraded from 1.0.0 to 20150606 http-parser would be upgraded from 2.9.4-1.ec8b5ee to 2.9.4.20201223 xlsx2csv would be upgraded from 0.7.4 to 20200427211949 keynav would be upgraded from 0.20110708.0 to 20150730+4ae486d =2D-8<---------------cut here---------------end--------------->8--- It seems like most of these could be solved by checking if the version scheme changed from semver to calver. I think that=E2=80=99s a pretty good result considering how many packages we have. [*] Until I ran into --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEAVhh4yyK5+SEykIzrPUJmaL7XHkFAmIFVqUVHHB1YmxpY0B5 b2N0b2NlbGwueHl6AAoJEKz1CZmi+1x5keoQALFZ7lM02DNnOm/wWSH1hTDfkmhw 5oSl96b7q4Sk2LlCPy3BX9NxqUYRLJgHR95m7UQU+1nJeFL8GLvguCc2FJJ/06i3 22wAnZglqrdrnpkf2THx3RoDVCZFTgreJFJczpI08DftvdPbDk6WVuMP/vGxiva+ Gmm2Nhf7ldlyTIXJIHmBRzvBNjKc9qFo0qD4HkodTACFHsQ93Bsm1SjXGcxcggyq 6HXcRzXLXQeu8XwLE1fyIZHkoicO2TZddVZxXYQlggkZTZvxhN1U4gOlYRUrzPWz Ho+4Be0Cy4GBMsM1JCVbietZa/gW62CpTrGTwCEcH35I1TnYbk4MBOXwY1gPdz7v R9vdPlEotayxevcQNEnI3KUYi0O79fXXbAJX0Mjy0Vk20TdMWfIAlEIrBJXOKLMx qsrYOUDcpt2jgrKLvyxj2D7OmPuMXnnd/uk4TcXIdMEh5f2+a7Ae4PvBE0sQnaKw zsnWJ0AucUSi7/WzEOZn2SKj/IGGkLwkHl2iXlGK9onRZjRcBcjE7Oz4sVVIzdVS gNLWwnV2gEHqTKpURldx0W9hS9cMHwVaomfUcwekNkxrHDEWHfLiu+qrYfBf+UWg 9ef8pTMvKwdEnnNMmggjoM5lBtMIkCLHWe9VjXrBkOcfa0bRME3YoxsiJJehJWB/ lH5IjK61Ndbo8r6g =oOl3 -----END PGP SIGNATURE----- --=-=-=--