terriko: (Default)
This is crossposted from Curiousity.ca, my personal maker blog. If you want to link to this post, please use the original link since the formatting there is usually better.


This is part of my series on “best practices in practice” where I talk about best practices and related tools I use as an open source software developer and project maintainer. These can be specific tools, checklists, workflows, whatever. Some of these have been great, some of them have been not so great, but I’ve learned a lot. I wanted to talk a bit about the usability and assumptions made in various tools and procedures, especially relative to the wider conversations we need to have about open source maintainer burnout, mentoring new contributors, and improving the security and quality of software.





If you’re running Linux, usually there’s a super easy way to check for updates and apply them. For example, on Fedora Linux `sudo dnf update` will do the magic for you. But if you’re producing software with dependencies outside of a nice distro-managed system, figuring out what the latest version is or whether the version you’re using is still supported can sometimes be a real chore, especially if you’re maintaining software that is written in multiple programming languages. And as the software industry is trying to be more careful about shipping known vulnerable or unsupported packages, there are a lot of people trying to find or make tools to help manage and monitor dependencies.





I see a lot of people trying to answer “what’s the latest” and “which versions are still getting support” questions themselves with web scrapers or things that read announcement mailing list posts, and since this came up last week on the Mailman IRC channel, I figured I’d write a blog post about it. I realize lots of people get a kick out of writing scrapers as a bit of a programming exercise and it’s a great task for beginners. But I do want to make sure you know you don’t *have* to roll your own or buy a vendor’s solution to answer these questions!





What is the latest released version?





The website (and associated API) for this is https://release-monitoring.org/





At the time that I’m writing this, the website claims it’s monitoring 313030 packages, so there’s a good chance that someone has already set up monitoring for most things you need so you don’t need to spend time writing your own scraper. It monitors different things depending on the project.





For example, the Python release tracking uses the tags on github to find the available releases: https://release-monitoring.org/project/13254/ . But the monitoring for curl uses the download site to find new releases: https://release-monitoring.org/project/381/





It’s backed by software called Anitya, in case you want to set up something just for your own monitoring. But for the project where I use it, it turned out to be just as easy to use the API.





What are the supported versions?





My favourite tool for looking up “end of life” dates is https://endoflife.date/ (so easy to remember!). It also has an API (note that you do need to enable JavaScript or the page will appear blank). It only tracks 343 products but does take requests for new things to track.





I personally use this regularly for the Python end of life dates, mostly for monitoring when to disable support for older versions of Python.
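
As an added example (not code from this blog or from endoflife.date), here is one way to turn that lookup into a check that flags Python versions a project should stop supporting. It assumes the `/api/<product>.json` endpoint and its `cycle` and `eol` fields; the sample data is constructed and the function names are hypothetical.

```python
import json
from datetime import date, timedelta
from urllib.request import urlopen

# Constructed sample shaped like https://endoflife.date/api/python.json.
# Dates are illustrative; cycle "9.9" is made up to exercise `"eol": false`.
SAMPLE = json.loads("""[
  {"cycle": "3.13", "eol": "2029-10-31", "latest": "3.13.0"},
  {"cycle": "3.9",  "eol": "2025-10-31", "latest": "3.9.20"},
  {"cycle": "3.8",  "eol": "2024-10-07", "latest": "3.8.20"},
  {"cycle": "2.7",  "eol": true,         "latest": "2.7.18"},
  {"cycle": "9.9",  "eol": false,        "latest": "9.9.0"}
]""")


def fetch_cycles(product):
    """Live lookup; needs network access, so the sample run does not call it."""
    with urlopen(f"https://endoflife.date/api/{product}.json", timeout=10) as resp:
        return json.load(resp)


def eol_status(entry, today, warn_days=180):
    """Classify one release cycle as 'eol', 'expiring' or 'supported'."""
    eol = entry["eol"]
    if isinstance(eol, bool):  # the field is a boolean when no date is recorded
        return "eol" if eol else "supported"
    eol_date = date.fromisoformat(eol)
    if eol_date <= today:
        return "eol"
    if eol_date - today <= timedelta(days=warn_days):
        return "expiring"  # time to plan dropping this version
    return "supported"


def audit(versions, cycles, today, warn_days=180):
    """Map each version a project claims to support to its status."""
    by_cycle = {c["cycle"]: c for c in cycles}
    # A cycle the data does not list is reported as 'unknown', never as supported.
    return {v: eol_status(by_cycle[v], today, warn_days) if v in by_cycle else "unknown"
            for v in versions}


if __name__ == "__main__":
    # Hypothetical support matrix, e.g. what a project's CI tests against.
    for version, status in audit(["3.8", "3.9", "3.13", "3.7"], SAMPLE, date.today()).items():
        print(f"Python {version}: {status}")
```

To run it against live data, pass `fetch_cycles("python")` in place of `SAMPLE`.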





I also really like their Recommendations for publishing End-of-life dates and support timelines as a starting checklist for projects that will be providing longer term support. I will admit that my own open source project doesn’t publish this stuff and maybe I could do better there myself!





Conclusion





If you’re trying to do better at monitoring software, especially for security reasons, I hope those are helpful links to have!

Home!

Feb. 22nd, 2017 09:50 am
terriko: (Default)
Made it home from India without incident, by which I mean my green card was accepted at the border and no one asked me to unlock my phone. It's weird how I just went on a trip to a country where I couldn't drink the water and the front page of the newspaper had multiple rape cases and an acid attack against women and yet, crossing the US border was *still* the most scary part with the constantly changing rules.

The trip was great. I saw so many things I never expected to see, ate so much delicious food, and met so many people that I'm not sure I'm ever going to get everyone's names straight. The PyCon Pune conference was *amazing*. I keynoted to a room of over 500 people, and I've never had such an engaged audience! I did code sprints with people who were awesome, too -- we discovered that Mailman had something like 9 different dev setup guides, many of which were out of date, and yet somehow everyone got things up and running *and* folk helped patch up the docs to be consistent. If you ever get a chance, seriously, go.
terriko: (Default)
Playing with docker and the mailman bundler today in an attempt to get some images running, and I hit a point where I got this:


```
root@fd97a058ea83:~/mailman-bundler# apt-get install python3-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python3-dev : Depends: libpython3-dev (= 3.4.0-0ubuntu2) but it is not going to be installed
               Depends: python3.4-dev (>= 3.4.0-0~) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
```


It was very non-obvious to me what was going on and Google wasn't super helpful, so I'm posting in case someone else searches for the same "but it is not going to be installed" error message.

Turns out, what happened is that I needed to run `apt-get update`, and now it's happy.

Well, at least relative to that... buildout in mailman-bundler is complaining about numpy so I've still got some work to do!
terriko: (Default)
I'm happy to say that...


Mailman logo

Mailman 3.0 suite is now in beta!

As many of you know, Mailman's been my open source project of choice for a good many years. It's the most popular open source mailing list manager with millions of users worldwide, and it's been quietly undergoing a complete re-write and re-working for version 3.0 over the past few years. I'm super excited to have it at the point where more people can really start trying it out. We've divided it into several pieces: the core, which sends the mails, the web interface that handles web-based subscriptions and settings, and the new web archiver, plus there's a set of scripts to bundle them all together. (Announcement post with all the links.)

While I've done more work on the web interface and a little on the core, I'm most excited for the world to see the archiver, which is a really huge and beautiful change from the older pipermail. The new archiver is called Hyperkitty, and it's a huge change for Mailman.

You can take a look at Hyperkitty live on the Fedora mailing list archives if you're curious! I'll bet it'll make you want your other open source lists to convert to Mailman 3 sooner rather than later. Plus, on top of being already cool, it's much easier to work with and extend than the old pipermail, so if you've always wanted to view your lists in some new and cool way, you can dust off your Django skills and join the team!

Hyperkitty logo

Do remember that the suite is in beta, so there's still some bugs to fix and probably a few features to add, but we do know that people are running Mailman 3 live on some lists, so it's reasonably safe to use if you want to try it out on some smaller lists. In theory, it can co-exist with Mailman 2, but I admit I haven't tried that out yet. I will be trying it, though: I'm hoping to switch some of my own lists over soon, but probably not for a couple of weeks due to other life commitments.

So yeah, that's what I did at the PyCon sprints this year. Pretty cool, eh?
terriko: (Default)
The snow is gone at this point (now it's all "risk of flooding" and "high winds" out here), but I thought I'd share a photo from last weekend:

Photogenic Mailbox in snow

This mailbox has a little spotlight above it (presumably so people don't drive into it or so that the mail carrier can find it), which always amuses me. I personally refer to it as "photogenic mailbox" because of the spotlight. Photogenic mailbox is apparently also photogenic in the snow, not just the dark.

I imagine I'll use photogenic mailbox in a presentation about GNU Mailman, someday!

Note: you can actually see the spotlight, or evidence of it, if you look at the photo carefully. I should have photoshopped that out, but it turns out Photoshop was installed on the hard drive that died, so I haven't sorted that out and gotten it re-installed yet.

Page generated Jun. 13th, 2025 09:31 pm