[arch-dev-public] [RFC] archweb nvchecker integration

Felix Yan felixonmars at archlinux.org
Wed Feb 2 18:35:52 UTC 2022


On 2/2/22 19:59, Anatol Pomozov via arch-dev-public wrote:
> And here is one more tool to check if package version is of out-of-date
> https://github.com/anatol/pkgoutofdate
> 
> It is a pretty simple tool that does not require any modification to Arch
> repo. It simply tries to guess what is the next possible version and then
> checks the upstream download site for it. The drawback is that it does not
> handle slotted packages and projects that do not use semver release
> numbering.

According to my past experience with it, there is an important 
additional drawback: it often detects pre-releases and broken 
(withdrawn) releases (as marked in a web page, github releases, or the 
corresponding repository) and the mechanism has no way to tell about this.

I am also a regular user of this tool but unfortunately I don't think 
it's a good idea to use as the main tool. It's a nice addition to my 
nvchecker config to occasionally check the consistency among different 
upstream sources (like new version in PyPI but there is no corresponding 
git tag, or maybe the PyPI package has been moved to a different 
repository, etc).

I think it would still be better to be explicit here. The maintainer 
should decide about which source to use.

-- 
Regards,
Felix Yan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20220202/e9596a87/attachment.sig>


More information about the arch-dev-public mailing list