stachenov / quazip

Qt/C++ wrapper over minizip
Other
578 stars 234 forks source link

New maintainer wanted #185

Open stachenov opened 8 months ago

stachenov commented 8 months ago

TL;DR: QuaZip is mostly abandoned until someone steps in as the new maintainer.

This project started a long time ago, circa 2005, when I needed something to work with ZIP archives in one of my Qt projects, and realized that no library is compatible with the Qt API. So I decided to make my own.

Since then, I've implemented all I've wanted, and the project became semi-popular. People actually started using it. Well, that's all good, that's what open source is for. I also kept using it, so I was still in the flow and could afford to spend some time maintaining it.

But then, something major happened. I changed my job (for the first time in 18 years!) and moved to another country at that. My life changed a lot, and among the changes are two things: I have much less free time now, and I barely ever deal with C/C++, I work mostly with Java and Kotlin now. As a consequence, even compiling and testing QuaZip before releasing it became a pain. I don't even have the necessary environment set up any more because I don't need it for anything else. And the thing with open source is, since I'm doing it for free, I'm not exactly motivated to sacrifice my valuable time and spend a lot of effort on something I no longer need myself.

So unless a new maintainer shows up, this project can be considered pretty much abandoned. Feel free to fork it and patch it for your own needs, of course, and if you'd like to become the new maintainer, well, just drop a comment here, I'll grant you the necessary rights.

cen1 commented 8 months ago

I tried to contact some distro packagers and downstream users but haven't got much of a response to help out.

I am willing to try and maintain this for a bit longer, would hate to see it abandoned or forked into million pieces.

Hopefully someone else joins down the road.

stachenov commented 8 months ago

I've tried to add you to the collaborator list, check it out.

cen1 commented 8 months ago

Looks ok, I can push. If anything is missing I'll let you know.

cen1 commented 8 months ago

@stachenov see if you can grant me permission to create and upload packages to this repo. I'd like to make images with different versions of Qt preinstalled to test the QUAZIP_USE_QT_ZLIB=ON variants which is not possible with GH Qt action.

stachenov commented 8 months ago

@cen1 I don't see this option anywhere. I never dealt with packages before, so I've no idea where to look. I've tried googling a bit, but without much success. If you could point me to a guide, it would help a lot.

cen1 commented 8 months ago

According to docs I should already have that permission, I think I'm just naming the images wrong. Ignore for now.

cen1 commented 8 months ago

@stachenov can you give me a brief instructions how to update the github pages docs?

stachenov commented 8 months ago

Check out the gh-pages branch into doc/html. Run doxygen to update these docs from sources. Then just commit and push the result.

aikawayataro commented 8 months ago

I'll try to check some issues in my spare time, and of course make a proper judgment over QtZlib.

cen1 commented 7 months ago

@stachenov I am including OSSF scorecard scans to implement best security practices for the repo. Please protect the branches as reported here: https://github.com/stachenov/quazip/security/code-scanning/26

stachenov commented 7 months ago

OK, I've tried to protect master and v0.9.x from force-pushes and deletions. Is that enough?

The result is a bit weird, as the warning on the main repo page about the branch not being protected has disappeared, but in the repo settings it still warns me that there are no branch protection rules. At the same time, I can see the ruleset I've created under the rules section in the settings. It's either I did it correctly, but in a more complicated way than necessary (creating a ruleset instead of just enabling branch protection), or I did something wrong.

cen1 commented 7 months ago

force push and deletion should be enough for now, it might be that the scanner does not know about the rules, I'll look into it

stachenov commented 7 months ago

The scanner seems to be detecting it all right, the score is now up to 3 from 0. It's the Branches section under repo settings that keeps telling me that I haven't protected any branches even though I have.

cen1 commented 7 months ago

Screenshot_20240401_175635 I tried to do it on my fork and this is how I see it (and scan alert went away also)

stachenov commented 7 months ago

Yes, I meant that section. It's empty for me and warns me about branches not being protected. But there's a rule under the ruleset section, and it seems to work.

Looks like there are two different mechanisms for doing the same thing, and I used the more complicated one because that's where the link from the security scan took me. The end result seems to be OK, though.

geustache commented 4 months ago

Hello @stachenov and @cen1 Thank you for your contribution, which has been very useful in integrating zip archive management. This is the first time I've contributed to an open source project and I don't really know how to contribute to this library.

What I can contribute is that I regularly compile and deploy my software (using quazip) in production under the Qt5 and Qt6.7.xx environments. This under macOS / AppStore and Windows mingw

I propose to integrate my code (no more Core5Compat dependency with Qt6) to allow quazip to be ready for the future of Qt6.

cen1 commented 1 month ago

I'll use this issue as a general PSA for any interested parties.

Since getting commit rights I didn't have a ton of time to work on quazip but it's better than nothing, some decent fixes landed and various pull requests have been quite helpful.

I hope to review #199 by the end of the year and then tag a "stable" release.

After that the priority task would be to update minizip source.

stachenov commented 1 month ago

Updating minizip source is easier said than done, because it's been modified quite a bit to adapt it to QuaZip's needs. And to implement certain features. I don't remember the details, but I've actually tried to look into it, and it doesn't look easy.