Disclaimer: I have no idea what I'm doing when it comes to shell
scripts.
maint/thanks.sh autogenerates a list of contributors since a revision
(that you pass it on the command line), intended to make the work of
going through the shortlog a bit less manual. It can exclude
contributors' names given in maint/exclude_contributors.txt, in order to
filter out people who work for Tor, or who commit under more than one
name.
Thanks to the chrono update, we no longer include an
obsolete/vulnerable version of the `time` crate. Unfortunately, it
turns out that chrono has the same trouble as `time`: it, too, looks
at the environment via localtime_r, and the environment isn't
threadsafe.
One step forward, one step back. At least the underlying issue is
one that lots of people seem to care about; let's hope they come up
with a solution.
Previously I'd hoped to have it only apply to reproducible builds,
but the work of keeping it up-to-date and checking it for drift
seems to have been tripping us up. Let's try doing it the other way
for now, and we'll see how that goes.
Linux hash : c024778da162cda77869c46d162729d012a7758bee973bc83fa78c964d080903
Windows hash : e97e171740b889b7e3722b79c3763177174baac7fa34a5c3615c999298e1bc48
And convert some `add_or_port` calls to use `SocketAddr` instead of
parse + unwrap on strings.
> Note, this last change is only for IPv4 addresses, for now, and only
> within tests.
> Check `implicit_clone` section of Clippy documentation for details;
>
> https://rust-lang.github.io/rust-clippy/master/index.html#implicit_clone
This adds, and addresses, the following Clippy configuration to crates;
#![deny(clippy::implicit_clone)]
And moves related line within `maint/add_warning.py` file. My intent is to
mitigate extra edits after merging, so please let me know if I need to do this
last bit differently.
We implement this by giving a list of permitted licenses, and then
using cargo-license to dump everything's actual license. Since
packages list their licenses as "x OR y OR z", we permit any package
that is available under at least one license on the allow-list.
This is a somewhat obnoxious change in its scope and requirements,
but it makes it easier to understand what the real public and
private parts of our APIs are.