On Sat, Dec 4, 2021 at 3:34 AM Paul Wise wrote:
>
> Repology gets you mappings for all the source packages in Debian in one
> download (assuming it has an export of the mappings, that may need to
> be added), while the Anitya mapping requires a human to manually add a
> mapping for each of the tho
On Sat, Dec 04, 2021 at 02:43:56AM +, Scott Kitterman wrote:
> I think that there's a security consideration associated with all these
> proposals for externalizing finding upstream updates. Currently watch files
> and at least the redirectors I know of all run on Debian infrastructure or on
>
On 2021-12-03 00:51, Paul Wise wrote:
> The one issue I can think of with using release-monitoring.org is that
> Debian becomes more reliant on an external service, while currently we
> are completely independent of other distros for version checking.
>
> Converting the release-monitoring.org che
On December 5, 2021 1:51:48 AM UTC, Paul Wise wrote:
>On Sat, 2021-12-04 at 02:43 +, Scott Kitterman wrote:
>
>> I think that there's a security consideration associated with all these
>> proposals for externalizing finding upstream updates.
>
>Good point.
>
>> If one of these services wer
On Sat, 2021-12-04 at 02:43 +, Scott Kitterman wrote:
> I think that there's a security consideration associated with all these
> proposals for externalizing finding upstream updates.
Good point.
> If one of these services were ever compromised it would provide a
> vector for offering subst
On Sat, 04 Dec 2021 at 10:33:55 +0800, Paul Wise wrote:
> The other issue with using Anitya is that Debian and Fedora have
> different policies and culture for choosing which upstream versions to
> update to. Debian strongly prefers LTS versions while Fedora are all
> about the latest and greatest,
On December 3, 2021 12:12:47 PM UTC, Stephan Lachnit
wrote:
>On Thu, Dec 2, 2021 at 11:52 PM Paul Wise wrote:
>>
>> On Thu, 2021-12-02 at 23:36 +0100, Stephan Lachnit wrote:
>>
>> > If I understand correctly, release-monitoring already offers such a
>> > mapping [1].
>>
>> It seems like the A
On Fri, 2021-12-03 at 13:12 +0100, Stephan Lachnit wrote:
> I mean it looks rather easy to do, just a couple of mouse clicks.
> Compare that to writing a watch file at the moment (assuming one has
> to do more than copy and paste the github example).
Repology gets you mappings for all the source
On Thu, Dec 2, 2021 at 11:52 PM Paul Wise wrote:
>
> On Thu, 2021-12-02 at 23:36 +0100, Stephan Lachnit wrote:
>
> > If I understand correctly, release-monitoring already offers such a
> > mapping [1].
>
> It seems like the Ayanita distro mapping needs to be done manually once
> per package, while
On Thu, 2021-12-02 at 23:36 +0100, Stephan Lachnit wrote:
> If I understand correctly, release-monitoring already offers such a
> mapping [1].
It seems like the Ayanita distro mapping needs to be done manually once
per package, while using the Repology data would automatically get us
the mapping
On Thu, 2 Dec 2021, 23:17 Paul Wise, wrote:
> At minimum we would need a way to map from release-monitoring.org
> package names to Debian source package names. Assuming they use Fedora
> source package names, then the Repology service provides such a mapping
> and we could presumably could get a
On Fri, 3 Dec 2021, Paul Wise wrote:
I think this would be the best path forward - it would probably be not
easy given that it changes entirely how the current system works, but
it might be well worth the effort. Working together with another
distribution would share the work for the distro. I'm
On Thu, 2021-12-02 at 15:57 +0100, Stephan Lachnit wrote:
> I think this would be the best path forward - it would probably be not
> easy given that it changes entirely how the current system works, but
> it might be well worth the effort. Working together with another
> distribution would share t
On Thu, Dec 2, 2021 at 12:51 AM Paul Wise wrote:
>
> It might be a idea to look at how other distributions do checking for
> new upstream releases and adopt some of their improvements.
>
> I note Fedora uses a service (that isn't Fedora specific) for this:
>
> https://release-monitoring.org
> http
14 matches
Mail list logo
