From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: The Nixpkgs Monitor
Date: Sat, 18 Jan 2014 16:35:14 +0100
Message-ID: <87bnz9s3pp.fsf@gnu.org>
References: <87r48awug8.fsf@gnu.org> <20140118120256.GA7593@debian>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37297)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1W4Y0b-0001O2-Nu
	for guix-devel@gnu.org; Sat, 18 Jan 2014 10:40:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1W4Y0Q-0000GV-5M
	for guix-devel@gnu.org; Sat, 18 Jan 2014 10:40:29 -0500
Received: from hera.aquilenet.fr ([141.255.128.1]:59452)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1W4Y0P-0000F0-Ts
	for guix-devel@gnu.org; Sat, 18 Jan 2014 10:40:18 -0500
In-Reply-To: <20140118120256.GA7593@debian> (Andreas Enge's message of "Sat,
	18 Jan 2014 13:02:56 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org

Andreas Enge <andreas@enge.fr> skribis:

> On Tue, Jan 14, 2014 at 02:42:47PM +0100, Ludovic Court=C3=A8s wrote:
>> A great initiative that we could get inspiration from: the Nixpkgs
>> Monitor scans packages for updates =C3=A0 la =E2=80=98guix refresh=E2=80=
=99 (but not limited
>> to GNU packages), and also for CVEs.
>
> What is the limitation on scanning for updates only for GNU packages?

The (guix gnu-maintenance) modules embeds knowledge about GNU practices
(use of ftp.gnu.org), plus knowledge about exceptions (such as GNU
packages hosted elsewhere.)

To be generalized, that knowledge would typically need to be embedded in
package definitions.  A new field would be used to embed a description
of what method to use (currently we only do FTP scans, but we=E2=80=99d at =
least
need something HTTP-based), and what base URI to search.

Something like that:

  (define gcc-4.7
    (package
       ...
       (updates (upstream-updates
                  (method ftp-scan)
                  (uri-pattern
                    '("ftp://ftp.gnu.org/gnu/gcc/4.7/gcc-" version
                      ".tar.gz"))))))

> Could the same logic not be used for other packages that do not contain p=
art
> of the package version in their download uris, and maybe even others?

Perhaps we could deduce URI patterns in the best case from the origin=E2=80=
=99s
URI.  But it=E2=80=99s not clear that it would always work.

And what do we do for URIs in http:// or mirror://?

Debian has a tool called =E2=80=98uscan=E2=80=99.  I wonder if Nixpkgs Moni=
tor uses
that.

Thanks,
Ludo=E2=80=99.