Nixpkgs: List of outdated packages

Created on 28 Jul 2017  路  5Comments  路  Source: NixOS/nixpkgs

Issue description

https://repology.org/metapackages/outdated-in-repo/nix_unstable/

I do not mean that they all to be upgraded. Some of the latest versions might be too ...unstable. But some packages are well outdated, the gaps between the version in nixpkgs and the latest seem big and this may indicate security problems as well

Steps to reproduce

Technical details

  • System: (NixOS: nixos-version, Ubuntu/Fedora: lsb_release -a, ...)
  • Nix version: (run nix-env --version)
  • Nixpkgs version: (run nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion)
  • Sandboxing enabled: (run grep build-use-sandbox /etc/nix/nix.conf)
picture volth

Most helpful comment

The repology tool came by before. #27237 discusses how we can provide it with up to date information.
Aside from sharing this tool exists I don't see much in having an open issue about this.

picture FRidh on 28 Jul 2017
👍2

All 5 comments

The repology tool came by before. #27237 discusses how we can provide it with up to date information.
Aside from sharing this tool exists I don't see much in having an open issue about this.

FRidh picture FRidh on 28 Jul 2017
👍2

There are 3 different tasks:

  1. supply their database with the actual information
  2. write a script/regexp to replace dead urls in nixpkgs
  3. update packages - it could also be automated to some degree.

What they have in common is the word repology, but the tasks are different and each of them have separate decision on should it be done and how. I'd say that seeing here "sharing this tool exists" is a kind of marketing biased point of view.

volth picture volth on 28 Jul 2017

@volth how about using repology's API to query for a package then extracting most recent version from that? It could be then compared against nix-env --query ran on a local nixpkgs checkout for that same package. Would likely need to check if they (repology) are OK with that (assuming it would work).

pbogdan picture pbogdan on 28 Jul 2017

FRidh is right that #27237 has to be fixed first: the information about nixpkgs is not fresh there and we first have to supply them with information (of fork their code and run locally with the fresh information).

@pbogdan: what I meant is to find top packages with greater difference in version between nixpkgs and swarm of other distros and thus find abandoned packages to upgrade or mark them as broken or insecure. Information about other distros can be outdated but about nixpkgs must be fresh enough.

volth picture volth on 28 Jul 2017

Repology has updated because #27237 was fixed.

Note that there is/was https://github.com/Phreedom/nixpkgs-monitor which was available on https://monitor.nixos.org/. Last time I looked at it it seemed abandoned but maybe some code could be re-used. It was able to generate patches for package updates you could apply to your nixpkgs checkout for easy testing.

fpletz picture fpletz on 31 Jul 2017
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ob7 picture ob7  路  3Comments
langston-barrett picture langston-barrett  路  3Comments
vaibhavsagar picture vaibhavsagar  路  3Comments
matthiasbeyer picture matthiasbeyer  路  3Comments
teto picture teto  路  3Comments