Open stachenov opened 8 months ago
I tried to contact some distro packagers and downstream users but haven't got much of a response to help out.
I am willing to try and maintain this for a bit longer, would hate to see it abandoned or forked into million pieces.
Hopefully someone else joins down the road.
I've tried to add you to the collaborator list, check it out.
Looks ok, I can push. If anything is missing I'll let you know.
@stachenov see if you can grant me permission to create and upload packages to this repo. I'd like to make images with different versions of Qt preinstalled to test the QUAZIP_USE_QT_ZLIB=ON
variants which is not possible with GH Qt action.
@cen1 I don't see this option anywhere. I never dealt with packages before, so I've no idea where to look. I've tried googling a bit, but without much success. If you could point me to a guide, it would help a lot.
According to docs I should already have that permission, I think I'm just naming the images wrong. Ignore for now.
@stachenov can you give me a brief instructions how to update the github pages docs?
Check out the gh-pages
branch into doc/html
. Run doxygen
to update these docs from sources. Then just commit and push the result.
I'll try to check some issues in my spare time, and of course make a proper judgment over QtZlib.
@stachenov I am including OSSF scorecard scans to implement best security practices for the repo. Please protect the branches as reported here: https://github.com/stachenov/quazip/security/code-scanning/26
OK, I've tried to protect master
and v0.9.x
from force-pushes and deletions. Is that enough?
The result is a bit weird, as the warning on the main repo page about the branch not being protected has disappeared, but in the repo settings it still warns me that there are no branch protection rules. At the same time, I can see the ruleset I've created under the rules section in the settings. It's either I did it correctly, but in a more complicated way than necessary (creating a ruleset instead of just enabling branch protection), or I did something wrong.
force push and deletion should be enough for now, it might be that the scanner does not know about the rules, I'll look into it
The scanner seems to be detecting it all right, the score is now up to 3 from 0. It's the Branches section under repo settings that keeps telling me that I haven't protected any branches even though I have.
I tried to do it on my fork and this is how I see it (and scan alert went away also)
Yes, I meant that section. It's empty for me and warns me about branches not being protected. But there's a rule under the ruleset section, and it seems to work.
Looks like there are two different mechanisms for doing the same thing, and I used the more complicated one because that's where the link from the security scan took me. The end result seems to be OK, though.
Hello @stachenov and @cen1 Thank you for your contribution, which has been very useful in integrating zip archive management. This is the first time I've contributed to an open source project and I don't really know how to contribute to this library.
What I can contribute is that I regularly compile and deploy my software (using quazip) in production under the Qt5 and Qt6.7.xx environments. This under macOS / AppStore and Windows mingw
I propose to integrate my code (no more Core5Compat dependency with Qt6) to allow quazip to be ready for the future of Qt6.
I'll use this issue as a general PSA for any interested parties.
Since getting commit rights I didn't have a ton of time to work on quazip but it's better than nothing, some decent fixes landed and various pull requests have been quite helpful.
I hope to review #199 by the end of the year and then tag a "stable" release.
After that the priority task would be to update minizip source.
Updating minizip source is easier said than done, because it's been modified quite a bit to adapt it to QuaZip's needs. And to implement certain features. I don't remember the details, but I've actually tried to look into it, and it doesn't look easy.
TL;DR: QuaZip is mostly abandoned until someone steps in as the new maintainer.
This project started a long time ago, circa 2005, when I needed something to work with ZIP archives in one of my Qt projects, and realized that no library is compatible with the Qt API. So I decided to make my own.
Since then, I've implemented all I've wanted, and the project became semi-popular. People actually started using it. Well, that's all good, that's what open source is for. I also kept using it, so I was still in the flow and could afford to spend some time maintaining it.
But then, something major happened. I changed my job (for the first time in 18 years!) and moved to another country at that. My life changed a lot, and among the changes are two things: I have much less free time now, and I barely ever deal with C/C++, I work mostly with Java and Kotlin now. As a consequence, even compiling and testing QuaZip before releasing it became a pain. I don't even have the necessary environment set up any more because I don't need it for anything else. And the thing with open source is, since I'm doing it for free, I'm not exactly motivated to sacrifice my valuable time and spend a lot of effort on something I no longer need myself.
So unless a new maintainer shows up, this project can be considered pretty much abandoned. Feel free to fork it and patch it for your own needs, of course, and if you'd like to become the new maintainer, well, just drop a comment here, I'll grant you the necessary rights.