I believe all these tests require the network, at least they seem to
fail if it's I run them without connecting my computer to the web.
I'm looking at this as part of packaging linkchecker for GNU Guix,
where the package is build and the tests are run in a isolated
environment, intentionally without network access, to avoid issues
with non-reproducible package builds.
PR #196 bumped this to 2.20 to fix a security warning about requests
in our repository, but I believe that warning can be fixed by removing
only the upper bound. This should make backporting linkchecker to
older systems easier, where requests presumably has the 2.20 fix
backported.
Requests versions <= 2.19.1 are vulnerable to CVE-2018-18074:
> The Requests package through 2.19.1 before 2018-09-14 for Python sends
> an HTTP Authorization header to an http URI upon receiving a
> same-hostname https-to-http redirect, which makes it easier for remote
> attackers to discover credentials by sniffing the network.
Thank you, GitHub security alerts, for bringing this to my attention.
While reviewing our contribution guidelines in #139, we found we had no formal way of removing disappeared or idle maintainers, at least not explicitly, in the Membership section. This was a problem to get changes done on the contributing document which requires consensus from the maintainers.
This change introduces a way to make changes to the document by using it as a "vote of confidence", in a way: if a change is proposed and an administrator does not respond within a given 1-month delay, the administrator can be demoted down to a regular maintainer and the document approved.
Closes: #139
Without this patch, tests would fail on IPv6 hosts with this
mysterious error:
```
_______________________________________________________________________ TestHttpMisc.test_html ________________________________________________________________________
tests/checker/test_http_misc.py:30: in test_html
self.obfuscate_test()
tests/checker/test_http_misc.py:51: in obfuscate_test
url = u"http://%s/" % iputil.obfuscate_ip(ip)
linkcheck/network/iputil.py:290: in obfuscate_ip
raise ValueError('Invalid IP value %r' % ip)
E ValueError: Invalid IP value '2a02:2e0:3fe:1001:7777:772e:2:85'
```
As it turns out, the test host (`www.heise.de`) does have an IPv6
record and our tests pass on Travis only because they do not have a
working IPv6 stack. I happen to have IPv6 at home and tests are broken
here, so add a quick workaround so tests pass again.
Ideally, we would not have to deal with this hack and would handle
"obfuscation" correctly, but I have yet to figure out what that test
actually does before fixing it properly.
The idea here is that this guide can be reused by other projects,
which might not be on GitHub. By making the URL pointers more generic,
it makes it easier to change them in one central location.
Positive feedback allows the community and passers-by to contribute in
a positive way without requiring any technical capabilities: just a
little thank you helps!
Security issues might be handled differently. Explicitely state we
follow responsible disclosure guidelines.
This comes from the ecdysis project.
This ensure the files are in standard locations so that GitHub finds
them. This will hopefully help people provide more detailed bug
reports in the future as well.
