-
-
Notifications
You must be signed in to change notification settings - Fork 10.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove appcast checkpoints? #48051
Comments
Thanks for pinging me! Are they used for anything relating to security? If not, remove them! It makes no sense for the casks which @jcbot updates. I always check against the version string, if we need updates and not against the hash of the URL. |
Although my scripts rely entirely on the appcast I have a blacklist of around 1000 casks that fall into this category, although by the time I run the script which scrubs the blacklist of any invalid entries (i.e. casks whose I think removing the I like the idea of tailored code for each cask being used to find the latest version, as discussed in #41240. Out of curiosity, would we have some sort of bot which automatically submits the PRs, or would different contributors be able to update the casks themselves? If the latter is the case, how would we avoid pull request duplicates? |
My initial idea:
Since a huge chunk (the majority?) of submissions use This means that in time the bot would do every version bump, with humans fixing problems in the casks themselves and the updating mechanism. |
Thanks for the ping. I do have an issue on my own tool's github to basically throwaway the current version of appcast in favor or something tailored to each cask that I would keep on my side (eg. outside HBC)... but it is still an issue an not yet implemented. All of my current automated scanning relies on url/version sniffing, since I found the appcasts to be a terrible signal-to-noise ratio (as well summarized by @gtmgianni ) as they currently exist. I would support any move towards automated maintenance/updates of casks. EDIT: I actually should add that as part of my scripting I do still output the appcasts, as for some casks (particularly if they have a softwall for download, or don't show you what version you're downloading) I will still double check the appcast to verify if an update was posted there after I've found it via url sniffing. |
Somewhat ironically, yesterday and today I have implemented a local sqlite database and have resumed appcast scanning (using cityhash instead of the appcast checkpoints) on my side... |
I'm against removing them until we have an actual alternative. |
We benefit from removing them now as we can add appcasts to everything that can then be used by the current scripts/tools in use by contributors, waiting means removing more appcasts. |
I would still like to see an official tool before we remove the checkpoints. |
I don't see any reason to wait for an offical tool to be implemented. |
And I don't see any reason to remove it when an alternative does not exist yet. A checkpoint is still more useful than nothing. |
A checkpoint that changes without a version bump is not useful. An unstable appcast that has been removed is not useful. |
As someone who was heavily involved in the process for the inception of There was once a system in place that I built that took advantage of checkpoints and there’s a reason I’ve decided to go the way of not checking them rather than improve the old. The old system would warn when an appcast was outdated and then we still had to check and update to the new version. I think we all agree we’d rather the bot checks the appcast and sends the update in one step. Since verifying a checkpoint still requires we download the whole appcast, having it doesn’t really offer any advantage. Right now, my only interaction with While there’s no need to rush to remove them, I do think we eventually should and predict no situation in which keeping them will be the right choice. Since whatever system we implement will be kept outside the casks, even if it uses a form of checkpoint those values can be kept in the system instead of cluttering the cask. |
👏 💯 Also, I see Removing them would also somewhat simplify implementation of a |
Removed another appcast: #48263 |
To reiterate, I support @commitay and @vitorgalvao in removing the CHECKPOINTS - the appcast URL is still valuable. |
@commitay / @vitorgalvao: Could we push for a release of https://github.com/Homebrew/brew? For me running
|
@leipert its ok for me?
|
@leipert Run |
@brianmorton / @MikeMcQuaid: Won't help, as I am on brew stable:
|
Homebrew has been removing these everywhere. See Homebrew/homebrew-cask#48051 Signed-off-by: Tim Smith <tsmith@chef.io>
Homebrew has been removing these everywhere. See Homebrew/homebrew-cask#48051 Signed-off-by: Tim Smith <tsmith@chef.io>
Refs: #47728, #38376, #43605, #41240 and others
This has been discussed briefly in a few places, opened this for a proper discussion.
This would basically be as the title says, the
checkpoint
string would be removed along with the_appcast_checkpoint
command while keeping theappcast
URL that can be parsed with external scripts/tools.cc @brianmorton @colindunn @gtmgianni @leipert People that use their own scripts/tools for cask updates.
Would also like to know what other contributors think about this so please feel free to comment.
The text was updated successfully, but these errors were encountered: