comparison of forks of packages about repology-rules HOT 10 CLOSED

Done. openssl case is quite interesting though, I have no idea how to deal with in properly yet. What's the purpose of openssl-chacha and openssl-bad in Pentoo?

from repology-rules.

there is at least one fork of openssl (openssl-1.0-chacha) which should be treated as an independent package

I don't see it as an independent package. Technically it's a patchset to openssl which is not developed separately, tracks upstream and has the same versioning scheme.

There is also a more complex example:

Probably something similar here, at least partially. It does not matter though as none of these seem to have official releases, so it should be marked as noscheme.

from repology-rules.

I have added metadata.xml files for openssl (pentoo/pentoo-overlay@32923c8), not sure if it can help. Can exclude both PeterMosmans/openssl and drwetter/openssl-1.0.2.bad repositories or mark them properly?

Could you also mark rtl8812au as noscheme?

These two flood the current outdated output (https://repology.org/metapackages/?inrepo=gentoo_ovl_pentoo&outdated=1) so it would be good to fix the issue

from repology-rules.

Here you have it. The repology software is amazing and I use it every day. But I'm tired of scrolling over the long list of all kind of versions in the history of openssl every day. It's been more than a year... And rtl8812au will be next

These are the only problematic packages for now.

from repology-rules.

Pentoo updates are frozen until this crap is rolled back.

from repology-rules.

ok, reverted. But can you help to come up with a temporal workaround? Add an ignoring rules for these two forks in Pentoo perhaps? openssl-* and rtl8812au_*.

from repology-rules.

Thanks. You could've just reminded me that this issue requires action, will fix it now.

from repology-rules.

Both openssl cases are unusual indeed and required by tools for old protocol/cipher validations (SSLv2 etc).

openssl-chacha (https://github.com/PeterMosmans/openssl) used to be required by sslyze but this is no longer the case as I just realized. I can remove it.

openssl-bad (https://github.com/drwetter/openssl-1.0.2.bad and this is a fork of chacha) is still required by https://testssl.sh.

from repology-rules.

Thought so. Well, openssl-bad was not merged anyway.

The correct thing would be to merge it though, as it's still openssl (and from practical standpoint, for example, when we support vulnerabilities, openssl vulns should be reported for this too). The problem however is that from one hand, it's not probably going to be updated, from the other - it may be needed for some important package and it's expected for repositories to not want outdated entries reported which cannot be updated.

Would be most correct to merge it and mark as legacy, however I don't want to bother now. Seems like all your problematic packages were fixed?

from repology-rules.

yes, it's all fixed for now. let's close it finally. Thanks!

from repology-rules.