From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Akib Azmain Turja Newsgroups: gmane.emacs.devel Subject: Re: What to do about unmaintained ELPA packages Date: Mon, 30 May 2022 17:14:00 +0600 Message-ID: <87tu97p91j.fsf@disroot.org> References: <87k0a42fc9.fsf@posteo.net> <8a6d74f7-b78f-3dad-1bd5-f41354f4391f@yandex.ru> <877d642agm.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="19773"; mail-complaints-to="usenet@ciao.gmane.io" To: Tim Cross , emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon May 30 13:16:18 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nvdNi-0004un-5A for ged-emacs-devel@m.gmane-mx.org; Mon, 30 May 2022 13:16:18 +0200 Original-Received: from localhost ([::1]:35872 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nvdNg-0002Tp-EX for ged-emacs-devel@m.gmane-mx.org; Mon, 30 May 2022 07:16:16 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:46926) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nvdLv-0001cq-KM for emacs-devel@gnu.org; Mon, 30 May 2022 07:14:29 -0400 Original-Received: from knopi.disroot.org ([178.21.23.139]:58034) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nvdLr-0006rh-71 for emacs-devel@gnu.org; Mon, 30 May 2022 07:14:27 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 7E4B743777; Mon, 30 May 2022 13:14:18 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Original-Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UqykFAEfqhAO; Mon, 30 May 2022 13:14:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1653909256; bh=x51Z4+crJMA9wBp6MWCmjHtaX5+bKZzBGtuPDqm/9Rc=; h=From:To:Subject:In-Reply-To:References:Date; b=RwYyR2OLX/q+QINF0+K63maxbCXH9uJ7l5+q24XqSdfDTg18TPZA3hIgSpEYMXBNe WEUFVkbYE1/tBeN1JHlRfePCoxfz2WouD+ck89IgKDPIV+9h/imdsO6sK+Uxlh4zfz C6uSPP6+mDHgGbHpFMXVtOQLbLQLNLqmw234HXI687v4g7Vj66qdDcdeey2Tpnp01T Rme9ogddZ3Zv/0PjNbWc2BaUOjCZDyp5Vfenh0QksZsgyvjTLBec/zmaddoWyiOqr8 n6D0A8dsmB8YO802quzD3lwp9UsgAerfHxcXoTSarb9+1K1d+n+4WoZEoTrZrfHqGZ oafwabxhV+0HA== In-Reply-To: <877d642agm.fsf@gmail.com> Received-SPF: pass client-ip=178.21.23.139; envelope-from=akib@disroot.org; helo=knopi.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:290375 Archived-At: --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Tim Cross writes: > Dmitry Gutov writes: > >> On 30.05.2022 00:34, Philip Kaludercic wrote: >>> There are some popular packages on GNU ELPA (and I expect NonGNU ELPA) >>> that are practically unmaintained. One example would be Yasnippet that >>> has been gathering issues and pull requests on GitHub, mostly without >>> any comments whatsoever. For example, see >>> https://github.com/joaotavora/yasnippet/issues. Does anyone know of any >>> other packages of this kind? >> >> Talking about yasnippet in particular, it more in the "stable" rather th= an >> "bitrotten" category, so I wouldn't worry about it too much. >> >> Or definitely not resort to measures like removing the reference to the >> upstream. >> >>> I'd like to ask, if there some point at which should one should go from >>> regarding packages like these from "de facto unmaintained" to "actually >>> abandoned"? Perhaps if there was no real activity for over a year, >>> despite constant contributions? Would it make sense to call for anyone >>> new to take over maintaining the package? Or depending on how long the >>> package has been unmaintained, how popular the package is, how much >>> effort it would take to apply the changes one could modify the package >>> in elpa.git/nongnu.git and inform the maintainers that if they decide to >>> start working on the package again, that there are downstream changes >>> that they should look at. >> >> Personally, carrying over the development on ELPA would seem counter-pro= ductive. >> Both due to the reduced potential community of contributors and reporter= s, and >> because of the wealth of reports, discussions and docs that reside at the >> currently dormant upstream. Kinda passive-aggressive, too. >> >> I think the best step right now would be to try to contact Noah and ask = to share >> commit access. And if not Noah, then Joao -- he's definitely still aroun= d. > > > I would agree. First step is to try contacting the repository owner. I > notice in the case of yasnippets, they are active in other projects, so > there may be a good reason none of the issues or PRs are getting action > in that repo.=20 I agree. If the maintainer doesn't respond then we can think about taking any other step. > > I'm not sure there is a 'one size fits all' answer here. We probably > need to look at each case individually.=20 That right, because each case differs and has something unique. > > I do think both ELPA and non-GNU ELPA would likely benefit from some > statistic showing number of weekly/monthly downloads and/or possibly > some heuristic quality metric i.e. number of open issues, whether the > package has a test suite, number of compiler warnings, days since last > update etc. While none of these are likely sufficient metrics on their > own, perhaps a combination could be useful as an indicator.=20 Yeah, these will help users to make a better choice. Although compiler warnings count and time since last update can be easily calculated, how can we check a package has a test suite? And how can we figure out the number of open issues (or whatever)? That would need to use many APIs like GitHub API, GitLab API, Gitea API. I would also suggest showing the license of a package (for NonGNU only, as all ELPA packages are GPL). By the way, is it OK to use Expat (or MIT) license for elisp packages? > > One unfortunate tendency in the current climate is to consider anything > which has not had an update in some time to be abandoned. However, it > could simply be it has reached a stable point of maturity where fewer > updates are necessary or critical enough.=20 > That's exactly me! I start writing package, and when I have implemented everything I want, I just put it aside, until I think it needs attention (either because I or someone else found a bug or because I would like to add another feature). =2D-=20 Akib Azmain Turja This message is signed by me with my GnuPG key. It's fingerprint is: 7001 8CE5 819F 17A3 BBA6 66AF E74F 0EFA 922A E7F5 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEyVTKmrtL6kNBe3FRVTX89U2IYWsFAmKUpvgACgkQVTX89U2I YWvH8xAAxcs0IY9T1tmoepyrvRDk8iJSvkPXwgS/o9iq7PBLUQuHc6n03o5hWQlQ 2DaGa8UKlvxWlzzdexqTnFdH4Lf2ppOtUZGVXapf/3SKHOyN0f1+J6dC3nHlh2s6 qg8rmSAbqJvYJ3W2QBtv9FkCiRf5dne801sqiPbzD6HaqsmM6zV4FbVgzsj1Mhfk +Fpz1MKov8ZAiYBokW/DIOHcp82VVHdVAFh5V0GSdWDD+4Q7lohdxUZlUcTTTUBc /hqm5GgCXnvMCJlIPqyr2Fywnby8hdPc95h6Qej7hqezyNR/m8KOsiwHB4ja7Fxr J7r0arJUO4lPNJappEJ59cXfKanm2wvT2LLUSaATKR5IIrdqxV4xLGY3zoptv5Pi FlASQ3T8xzMAbEsTzudXiN9vbNZ79X4jWF+o7+Z7oW273s7cjpEyXWVybRpF5XMo sHO/6U/2fpfdFlClUmbF9R1gFSfDhXLghjdrjXq2AEyTq6J/iD1r/7ztYgRdrkCN X8TJg9lZZUz7rwJH5dHJ5Twy3cBkVZHZh+ISJ0Tz0HuUCjbdoenyjQRWDMBk3zhS aW/sQ1EukixXZtmSiv2+DPLFdn1nZ9SutlLh5xWoKYKbVtqGxnUMfO9ENaowvQQ/ aU61NlTyVmvM0Sm1j0r/ablgQb8F/qi0/nmW/36P5qaEQLh3dpE= =yYnt -----END PGP SIGNATURE----- --=-=-=--