A GitHub for maintainers - Giving dependencies the same treatment the fork got

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sun, 03 May 2026 11:46:58 GMT

avsm@amok.recoil.org — Sun, 03 May 2026 11:46:58 GMT

@andrewnez back in 2015 we experimented with 'reverse PRs' for docker/go: so every time i pushed to the lib i maintain i'd get a report back of all the downstream users i'd broken. I still really want that

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sun, 03 May 2026 07:03:27 GMT

wolf480pl@mstdn.io — Sun, 03 May 2026 07:03:27 GMT

@csepp
@andrewnez
while at it, why not add a, separate "known defect database" where things don't get closed by a stalebot / as "we don't have time for that"?

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sat, 02 May 2026 22:10:00 GMT

csepp@merveilles.town — Sat, 02 May 2026 22:10:00 GMT

@andrewnez > Rename “issues”
Oh my glowcloud, yes, please! I would also add that users need a place to report incidents as a thing separate from a known defect. An incident could have multiple causes, or even an unknown cause.

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sat, 02 May 2026 20:31:01 GMT

zimm_i48@fediscience.org — Sat, 02 May 2026 20:31:01 GMT

@andrewnez
I'm obliged to do some advertising for tools that were developed in a research context for just this use case: https://github.com/alien-tools/breakbot for Java, with static analysis (by Ochoa, Degueule and @jrfaller) and https://github.com/rocq-community/coq-nix-toolbox for Coq/Rocq project but which would be feasible to generalize to other ecosystems (by Cohen and me).
@djc

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sat, 02 May 2026 18:16:54 GMT

andrewnez@mastodon.social — Sat, 02 May 2026 18:16:54 GMT

@djc also only needs a subset of dependents, not every single one

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sat, 02 May 2026 18:15:06 GMT

andrewnez@mastodon.social — Sat, 02 May 2026 18:15:06 GMT

@djc could probably do the same for go and java too

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sat, 02 May 2026 18:14:32 GMT

djc@hachyderm.io — Sat, 02 May 2026 18:14:32 GMT

@andrewnez maybe. And arguably it’s not all that different from triggering every downstream’s CI via Dependabot/Renovate after the release.

Though now I’m wondering for Rust if it would be feasible to do like a static analysis version of this, plowing through the rustwide corpus looking for specific code paths.

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sat, 02 May 2026 18:11:20 GMT

andrewnez@mastodon.social — Sat, 02 May 2026 18:11:20 GMT

@djc I think it could be ran cheap enough, especially if it’s not ran on every commit

Reply to A GitHub for maintainers - Giving dependencies the same treatment the fork got on Sat, 02 May 2026 18:01:35 GMT

djc@hachyderm.io — Sat, 02 May 2026 18:01:35 GMT

@andrewnez having something crater-like would be amazing, but it also seems very expensive, potentially prohibitively so? I do wonder if we could do the static analysis version of that at least for languages like Rust.