On Mon, Mar 08, 2021 at 09:17:15PM +0100, Davide Prina wrote: > I will try to propose a new check to improve Debian Quality :-) > > I'm using repology (https://repology.org) to report packages with home page > not work anymore and where I found a possible new home page. > But a lot of what I'm doing can be automatized. > > When upstream abandon a home page, the Debian link can be used: > * by attackers to build a fake home page > * by person to register the old home page to have a lot of referrals from a > lot of GNU/Linux distro, for something totally different > * ... > > but also, if upstream change to a new one can cause: > * outdated software in repository > * software based on outdated libraries > * software that seem not be maintained upstream > * removed software from Debian repository for the previous motivations > when, probably, in the new upstream there is the solution of all these > problems. > > For example, for Debian testing, you can see what packages have home page > problems: > https://repology.org/repository/debian_testing/problems > > most have point to the htpp URI that is redirect to the htpps one, but a lot > do not respond anymore or have other problems (for example point to a not > more maintained repository, for example goolge code; there are also some > case when not all the certificate chain is validated or similar issues). > > If you open for a package the repology detail you can see which distro are > using with version (note: I see that sometime different distro use the same > package name for different upstream software): > https://repology.org/project/jansi-native/versions > > and if you go to the information tab > https://repology.org/project/jansi-native/information > > you can see in the "Homepage links" section what home page link all the > distro are using; where a number is in green so that URI is working and must > be checked to know if it is the new home page of that Debian package. > > So, for example, in PTS (or in a bug report) can be reported to the DD: > 1) that the package home page has some problem > 2) a possible solution (in the repology page above) > > For all packages that there isn't a possible solution can be created a list > (in the wiki, for example) and ask user help to find if there is a new home > page. > > I wish that can be a good suggestion for the qa team. > > I think that repology can also be used for other checks. The Debian Janitor (through lintian-brush/upstream-ontologist) looks at repology (as well as other data sources) to determine the Homepage field for Debian packages where it is missing. Today, janitor/lintian-brush only sets the homepage field when it is not set - it doesn't remove the homepage field when it is missing. I was hoping to rely on duck (https://duck.debian.net/) to detect when the Homepage field has gone bad, but it looks like duck is no longer maintainer :( Jelmer
Attachment:
signature.asc
Description: PGP signature