[Nix-dev] Keeping nixpkgs up to date

Mateusz Kowalczyk fuuzetsu at fuuzetsu.co.uk
Wed Aug 27 16:35:36 CEST 2014 

Hi,

Some weeks ago the nixpkgs monitor[1] started to work again and the
numbers there are worrying. I inline the numbers at the bottom.

Now, there are 2000+ outdated packages with maintainers listed and 1000
outdated without maintainers at all (and the 1600 whose status we don't
know). Even if somehow half of these are false-positives (which they
aren't), that's still a huge number.

It is difficult to try to make a dent in that number as an individual
and we don't have that many people actively maintaining the things they
are listed under.

I'd like to propose a system like Gentoo's, the herd system. Basically
we split up packages up by categories and assign maintainer group to
each category. For example, we might have something like

Haskell packages – Haskell maintainer group
games – games maintainer group
Python packages – Python maintainer group
emulators – …
… and so on.

We then recruit/encourage people to join the groups they are interested
in. This means that rather than a single person maintaining some
packages and being single point of failure, we now have multiple people
maintaining a larger pool of packages. It is then easy to ask questions
like ‘what games are outdated?’.

Of course this can be implemented alongside the existing system of
listed individual maintainers.

It also gives us the benefit of being able to look at each group and say
‘oh, games don't have any maintainers, we should look for some people to
do that’ which is currently very difficult. It's also much easier to
ensure the groups remain active as opposed to having to chase down each
individual maintainer listed on each package.

At the beginning it will simply transform the problem of ‘we need to
find maintainers for 2000 packages’ to ‘we need to find maintainers for
10 groups’. Groups can then simply use the monitor to see which packages
become outdated with hopes that someone in the group makes the update.

What do you think? I think something like this is inevitable with the
ever-growing number of packages and users or we end up with the
situation like we have today, with thousands of outdated packages
without maintainers or with inactive/busy maintainers listed.

The changes required would be to categorise packages we have (easy,
simply go by how nixpkgs is organised), assign a group (an e-mail
address, perhaps a mailing list or something) to each and go through
each expression to add the respective group's e-mail.

Thanks!

Current numbers:

Packages                 #
Potentially vulnerable	 234
Unmaintained not covered 1691
Outdated unmaintained	 1048
Outdated	         2143


Maintainers   Packages
0             4347
1             2065
2             743
3             254
4             268
5             1

[1]: http://monitor.nixos.org
[2]: http://devmanual.gentoo.org/general-concepts/herds-and-projects/

-- 
Mateusz K.

More information about the nix-dev mailing list