Thanks for the awesome project, I really love the idea!
I think we have little understanding of the scope of abandoned software and how much of it is still present in repositories. Repology shows such packages as newest, which is technically not wrong but lacks clarity about the health of the actual software and how new it actually is. I would understand if you consider this out of the scope of the Repology project.
For example:
- The mcrypt project has been dead since 2008 but is still present in a lot of current repositories. The worst thing is that it's a cryptography library that has multiple known security vulnerabilities; downstream package maintainers do patch them, but you never know.
- SDL Image is not a dead project. Repology refers to the SDL v1 compatible version 1.2.12, which was released in 2012; the git repository branch SDL-1.2 contains version 1.2.13 with about 100 commits since the 1.2.12 tag and includes fixes for known security vulnerabilities, but we don't know what repositories actually ship.
- Nose has been dead since 2015 and gave a major headache when Python 3.11 broke it.
IIUC, Repology already collects information about the project home page, where a release date could be found, or, in the case of a repository, where the last commit was made. Showing that information would already be a great improvement, which can later be used to automatically flag packages as possibly obsolete/abandoned.
EOL distros like CentOS 6 (released in 2011, updates stopped in 2017, EOL since 2020), which is reported at 14% of newest packages, or Ubuntu 14.04 (released in 2014, updates stopped in 2019, EOL 2024), which is reported at 22% of newest, are probably good proxies to determine abandonware. It's actually scary how much unmaintained software could still be in use.