[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Designing importers
From: |
Ludovic Courtès |
Subject: |
Re: Designing importers |
Date: |
Sun, 10 Apr 2022 22:33:37 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi Hartmut,
Hartmut Goebel <h.goebel@crazy-compilers.com> skribis:
> So this is a more general discussion: Would it be better — also in
> regard to detecting new versions — to use the projects source-repo or
> the package manager's repo.
I guess it depends on how the repository is managed. It’s not uncommon
for PyPI and Rubygems to contain archives whose content differ from
what’s available upstream—for instance lacking tests, sometimes worse¹.
> Given the recent discussion about how to make packaging easier, maybe
> the hex.pm importer (and others) should become much more capable:
> E.g. the importer could fetch the meta-data from hex.pm and then
> create a package definition pointing to github (falling back to
> hex.pm). And then - to make life easy for packagers, check the repo
> for „rebar3“ and in case create a snippet for removing it.
If an importer can determine what the upstream repository is, then yes,
I guess it would be good to use that repo.
The PyPI importer sometimes has that information but it currently
doesn’t use it. A good exercise would be to try and have it fetch code
from Git instead of pypi.org.
Thanks,
Ludo’.
¹ See for example the ‘LastPyMile’ paper:
https://securitylab.disi.unitn.it/lib/exe/fetch.php?media=research_activities:experiments:esecfse2021.pdf