On 2021/03/08 08:25 PM, Jelmer Vernooij wrote: > On Mon, Mar 08, 2021 at 09:17:15PM +0100, Davide Prina wrote: > > I will try to propose a new check to improve Debian Quality :-) > > > > I'm using repology (https://repology.org) to report packages with home page > > not work anymore and where I found a possible new home page. > > But a lot of what I'm doing can be automatized. > > > > When upstream abandon a home page, the Debian link can be used: > > * by attackers to build a fake home page > > * by person to register the old home page to have a lot of referrals from a > > lot of GNU/Linux distro, for something totally different > > * ... > > > > but also, if upstream change to a new one can cause: > > * outdated software in repository > > * software based on outdated libraries > > * software that seem not be maintained upstream > > * removed software from Debian repository for the previous motivations > > when, probably, in the new upstream there is the solution of all these > > problems. > > > > For example, for Debian testing, you can see what packages have home page > > problems: > > https://repology.org/repository/debian_testing/problems > > > > most have point to the htpp URI that is redirect to the htpps one, but a lot > > do not respond anymore or have other problems (for example point to a not > > more maintained repository, for example goolge code; there are also some > > case when not all the certificate chain is validated or similar issues). > > > > If you open for a package the repology detail you can see which distro are > > using with version (note: I see that sometime different distro use the same > > package name for different upstream software): > > https://repology.org/project/jansi-native/versions > > > > and if you go to the information tab > > https://repology.org/project/jansi-native/information > > > > you can see in the "Homepage links" section what home page link all the > > distro are using; where a number is in green so that URI is working and must > > be checked to know if it is the new home page of that Debian package. > > > > So, for example, in PTS (or in a bug report) can be reported to the DD: > > 1) that the package home page has some problem > > 2) a possible solution (in the repology page above) > > > > For all packages that there isn't a possible solution can be created a list > > (in the wiki, for example) and ask user help to find if there is a new home > > page. > > > > I wish that can be a good suggestion for the qa team. > > > > I think that repology can also be used for other checks. > > The Debian Janitor (through lintian-brush/upstream-ontologist) looks > at repology (as well as other data sources) to determine the Homepage field > for Debian packages where it is missing. > > Today, janitor/lintian-brush only sets the homepage field when it > is not set - it doesn't remove the homepage field when it is missing. > I was hoping to rely on duck (https://duck.debian.net/) to detect when > the Homepage field has gone bad, but it looks like duck is no longer > maintainer :( While the website is indeed down, one can still use duck as a standalone program to highlight dead urls in a source package. Granted that this is not helping an archive wide QA check. There was some talk about reviving duck.debian.net as part of distro-tracker [1][2], unfortunatly, I haven't managed to free enough time to start working on it (being busy on other projects ATM). [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963887 [2]: https://salsa.debian.org/qa/distro-tracker/-/issues/51 -- Baptiste Beauplat - lyknode
Attachment:
signature.asc
Description: PGP signature