Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.
This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.
Closes#8869
- bump actions/checkout from 2 to 3
- bump actions/upload-artifact from 1 to 3
- bump github/codeql-actions from 1 to 2
- use version tag for actions/checkout
Closes#8843
Unfortunately the GitHub API requires a token with write permission
for both issues and pull-requests to edit labels on even just PRs.
Follow up to #7897
Replace test-nonflaky with test-ci and enable verbose output
in all remaining CIs except Zuul which is customized a lot.
Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Follow up to #7785Closes#7832
Automatically add hacktoberfest-accepted label to PRs opened between
September 30th and November 1st once a commit with a close reference
to it is pushed onto the master branch.
With this workflow we can participate in Hacktoberfest while not
relying on GitHub to identify PRs as merged due to our rebasing.
Requires hacktoberfest-accepted labels to exist for PRs on the
participating repository. Also requires hacktoberfest topic on
the participating repository to avoid applying to forked repos.
Reviewed-by: Daniel Stenberg
Fixes#7865Closes#7897
Warning: this will make existing curl command lines that use metalink to
stop working.
Reasons for removal:
1. We've found several security problems and issues involving the
metalink support in curl. The issues are not detailed here. When
working on those, it become apparent to the team that several of the
problems are due to the system design, metalink library API and what
the metalink RFC says. They are very hard to fix on the curl side
only.
2. The metalink usage with curl was only very briefly documented and was
not following the "normal" curl usage pattern in several ways, making
it surprising and non-intuitive which could lead to further security
issues.
3. The metalink library was last updated 6 years ago and wasn't so
active the years before that either. An unmaintained library means
there's a security problem waiting to happen. This is probably reason
enough.
4. Metalink requires an XML parsing library, which is complex code (even
the smaller alternatives) and to this day often gets security
updates.
5. Metalink is not a widely used curl feature. In the 2020 curl user
survey, only 1.4% of the responders said that they'd are using it. In
2021 that number was 1.2%. Searching the web also show very few
traces of it being used, even with other tools.
6. The torrent format and associated technology clearly won for
downloading large files from multiple sources in parallel.
Cloes #7176
