You are not logged in.

#1 2022-12-05 09:26:18

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,933
Website

Orphaned packages in the official repos

While investigating another issue upgrading python-cairo, I noticed that the package is marked as orphaned:
https://archlinux.org/packages/extra/x8 … hon-cairo/
Screenshot: https://srv.richard-neumann.de/python-c … phaned.png

What implications does this state have?

My assumption: Orphaned packages do not necessarily receive updates because they have no maintainer.
If that assumption is correct: Is there a way for pacman to filter out orphaned packages in the official repos, so that I don't have unmaintained packages on my system that might have unfixed vulnerabilities?

Thanks!

Last edited by schard (2022-12-05 09:29:46)

Offline

#2 2022-12-05 12:26:29

2ManyDogs
Forum Moderator
Registered: 2012-01-15
Posts: 4,645

Re: Orphaned packages in the official repos

Moving to Arch Discussion.


How to post. A sincere effort to use modest and proper language and grammar is a sign of respect toward the community.

Offline

#3 2022-12-05 12:35:42

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: Orphaned packages in the official repos

Pacman does not know anything about whether a package is orphaned or not, so not filter from there.

However, orphan packages get attention from many people.  Packages maintained by an inactive packager get attention from zero people...  and there is likely more of them than orphans.

Offline

#4 2022-12-06 09:10:36

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,933
Website

Re: Orphaned packages in the official repos

I am pretty sure that you are exaggerating with your last sentence, but I get the notion.
Is there a streamlined way for us end-users to see which packages on our systems are unmaintained aside from browsing each package in online package list linked above?
I regularly check my system for removed packages via

$ pacman -Qmq

but the packages in question are orphaned, but not removed from the repos.
Hence, as you said, there is no way for pacman to know the maintenance status at any given moment.

Offline

Board footer

Powered by FluxBB