How to deal with "faulty" unmaintained packages

[teto]

This is a general question, for haskell for instance some special maintainers can amend packages in case the author went missing https://wiki.haskell.org/Hackage_trustees .

I have 2 cases in mind:

• https://github.com/ittner/lua-iconv/issues/8 from rockspec's https://luarocks.org/modules/luarocks/lua-iconv
• the mimetypes package is used by luarocks-site and I wanted to install https://luarocks.org/modules/luarocks/mimetypes/1.0.0-2 but the src disappeared ! As workarounds I can use the rock file or package my fork of it but it seems better to fix it for everyone. I sent a mail to the author last week to no avail but as the rockspec submitter is "luarocks", maybe the package could be reuploaded under the luarocks org and the rockspec fixed with this new url ?

[teto]

I wanna add another one (I've just noticed the mainainer yesterday so it might not be unmaintained). Installing from workspec https://luarocks.org/modules/peterbillam/readline/3.3-0 fails because of certificates issues see https://github.com/peterbillam/muscript/issues/3 for more details.

cc @hishamhm for the first post issues since I think you uploaded both

[Tieske]

@teto most modules uploaded by "luarocks" are unmaintained rocks that the luarocks team had the courtesy for to upload by themselves to keep them available. However that doesn't mean Luarocks is now in some way responsible.

I noticed for the lua-mimetypes that @tst2005 also has a github clone. So we could move it to lunarmodules and set up a team with the 2 of you as maintainers.

[teto]

I didn't know about lunarmodules and that looks great for this usecase, note that I've created also a clone https://github.com/teto/lua-mimetypes/ (with the unzipped rock). I would be glad to transfer it to lunarmodules. Something that I find odd though is that lunarmodules seems to reference alive projects such as https://github.com/lunarmodules/busted while the disclaimer mentions only unmaintainted projects ?

If possible I would also like to put lua https://luarocks.org/modules/luarocks/lua-iconv under lunarmodules.

Once in lunarmodules, how does the upload to luarocks.org work ? do you give an API key or should I upload the rockspec under my own account ?

[Tieske]

Lunarmodules only provides governance, so most project there landed because their previous owners/maintainers handed them over. The lunarmodules team only does maintain the authorizations on github, the rest is on the maintainers.

For deployments to LuaRocks there are 2 modesl in use; set a secret in github and configure an automatic upload flow triggered on tags. Or have a apikey by one of the maintainers, who then uploads.

[teto]

Thanks to everyone involved, it should be fixed now ! Kudos to all

[teto]

arf I still have the issue with readline but finally managed to access gitlab (cloudflare sometimes goes into infinite loops for god knows what reason), and the author has been active lately so hopefully we can get to a solution https://gitlab.com/peterbillam/pjb_lua/-/issues/2

[teto]

trying to update the package set, I noticed that I had forked luabitop too (used in prosody apparently) so I followed the source and there is bunch of packages that are marked as archived from https://github.com/LuaDist. Shouldn't these be moved to lunarmodules as well ?

[Tieske]

LuaDist was a Lu adistribution based on cmake, that would also build the underlying lib, not only the binding.

They are typically not the source of the code, though they had many forks and updated them for cmake.

[teto]

seems like https://luarocks.org/modules/luarocks/readline is unneeded too since peter is active and updating https://luarocks.org/modules/peterbillam/readline. : pruning packages uploaded by luarocks "luarocks" can help see what is maintained