Suricata has 2 active branches: 6.0.x and 7.0.x

[victorjulien]

Projects affected

suricata

https://repology.org/project/suricata/versions

Observed behavior 6.0.16 is listed as outdated

Expected behavior 6.0.16 is the up to date release for the 6.0.x branch and currently supported

[AMDmi3]

Works as intended. If a repository only provides only 6.x version, it would be classified as outdated, because there's newer version. If a repository provides both 7.x and 6.x versions, latter would be marked as legacy instead of outdated.

[victorjulien]

Thanks for looking into this @AMDmi3 . I didn't see examples of projects using "legacy", but it would seem the idea of our 6.0.x versions being marked "legacy" would fit my understanding of what we're doing. Until 6.0.x is EOL, we provide updates to 6.0.x and 7.0.x at the same time. So I think we meet "If a repository provides both 7.x and 6.x versions, latter would be marked as legacy instead of outdated". Is any action required to get the latest 6.0.x be marked as "legacy"?

[AMDmi3]

Statuses such as newest, outdated and legacy are not assigned to upstream versions, these are calculated for each repository individually. The same version (say, 6.0.16) may be classified as legacy in one repository (which provides later version) and as outdated in another (which doesn't provide latest version, and it serves as an indication that a newer version is available).

This is not really visible for suricata, because no repository currently provides both 7.x and 6.x, but see nginx for example:

[victorjulien]

Got it, thanks for the explanation.

I guess I would see value in repology displaying whether the packaged versions are considered current by their upstreams, but that would require a new level of analysis and sources of this type of info.

[AMDmi3]

That would not require any analytics, that would require all upstreams to submit their notion of current versions. I don't see it as possible and I don't see which problem it would solve.