Someone apparently registered a 'portage' account on GitHub, and used it to publish some kind of ::gentoo repository mirror: https://github.com/portage/portage However, the whole thing doesn't seem to be maintained, data is severely outdated and the owner doesn't reply to bugs. If someone accidentally clones this instead of our official repo, that someone is going to hit a lot of outdated and vulnerable software. Could you try arranging for GitHub to remove this repository or at least add some clear indication this is not the official Gentoo 'product'?
(In reply to Michał Górny from comment #0) > Someone apparently registered a 'portage' account on GitHub, and used it to > publish some kind of ::gentoo repository mirror: The owner's identity is in cleartext in the git commit metadata: https://github.com/portage/portage/commit/9c80b9fe716cbdaae28eea7792fcb7b88bdb8a0e.patch
Good catch. I'll try mailing him.
I have successfully contacted the owner. He asked me whether we want to take the 'portage' GitHub user over. Do we have any use for it?
I think we should take it over and have GitHub add a redirect to the correct repo. That will ensure anybody that does have it cloned will get a redirect and/or useful error message.
mgorny: do you have an update on the redirect?
(In reply to Robin Johnson from comment #5) > mgorny: do you have an update on the redirect? The owner said GitHub didn't let him create the redirect. The repo was removed. I think the request to pass it over to us was forgotten somewhere. I'll re-ping.
@mgorny: ping
At this point, do we really care about the redirect?
I don't think that we have much of a handle there. Github policy is to assign account names on a first-come, first-serve basis: https://docs.github.com/en/site-policy/other-site-policies/github-username-policy AFAIK "portage" isn't a registered trade name, so we don't have any claims there. We could try to ask Github for removal of the account because of inactivity. Then again, does the Portage project need that Github account?