Bug#985633: warn about watch files that use github and include full refs
Hi Jelmer,
On Sat, Mar 20, 2021 at 7:27 PM Jelmer Vernooij <jelmer@debian.org> wrote:
>
> https://qa.debian.org/cgi-bin/watch?pkg=jupyter-core
I saw the traffic on IRC where someone suggested we replace
.*archive/v?([0-9.]*).tar.gz
with
.*archive/.*/v?([0-9.]*).tar.gz
to fix at least 1,500 affected packages. Unfortunately, that may not
work for jupyter-core, which does not prefix tags with a "v" and for
which "(.*)" catches the slash (or maybe even slashes).
As a tool without network access, Lintian is not well positioned to
figure out, in general, whether a URL/regex combination works. Would
it be okay if Lintian instead issues two now classification tags?
The first would occur once per source. It shows the watch file URL and
the regular expression for HTML parsing, possibly followed by "debian
update" (or similar). The second tag would occur once for each of the
options selected, i.e. multiple times. Armed with that information,
the Janitor could probe the URL and figure out which parts need
fixing.
The watch file version is already available in UDD, as you know, so
you could reconstruct the watch file and perhaps even enlist 'uscan'
to help you.
The parsing for these components is in place. If it is time sensitive,
I could provide the new tags via UDD within 48 hours. What do you
think? Thank you!
Kind regards
Felix Lechner
Reply to: