As noted in docs/release.md, we only provide security updates for the
latest two releases. Let's thus drop the build status of both v0.27 and
v0.26 branches, adding the new v0.99 branch instead.
GitHub has recently introduced a new set of tools that aims to
ease the process around vulnerability reports and security fixes.
Part of those tools is a new security tab for projects that will
display contents from a new SECURITY.md file.
Move relevant parts from README.md to this new file to make use
of this feature.
The recommendation from engineers within Microsoft is that libraries
should have a calling convention specified in the public API, and that
calling convention should be cdecl unless there are strong reasons to
use a different calling convention.
We previously offered end-users the choice between cdecl and stdcall
calling conventions. We did this for presumed wider compatibility: most
Windows applications will use cdecl, but C# and PInvoke default to
stdcall for WINAPI compatibility. (On Windows, the standard library
functions are are stdcall so PInvoke also defaults to stdcall.)
However, C# and PInvoke can easily call cdecl APIs by specifying an
annotation.
Thus, we will explicitly declare ourselves cdecl and remove the option
to build as stdcall.
We do not list all build options inside of the README.md, and we
definitly shouldn't do so. But in order to help people discover what can
be configured, add instructions on how to have CMake generate the list
of all knobs together with their current value.
Our non-technical documents are currently floating around loosely in our
project's root, making it harden than necessary to discover what one is
searching for. We do have a "docs/" directory, though, which serves
exactly that purpose of hosting documentation.
Move our non-technical documentation into the "docs/" directory. Adjust
all links to these documents.
By now, our README has grown quite long, and at multiple occassions
people were unable to find the correct spot in our documentation. Add a
table of contents to at least present an overview over all topics that
are being covered by our README.
Since we recommend `ctest -V`, it's not clear why somebody would want to
run `libgit2_clar`. Indicate that it's helpful when running individual
tests or suites.
Suggest that users run `ctest -V` instead of `make test` when getting
started. `ctest -V` is superior over alternatives as:
1. Unlike `make test`, it gives output. Users getting started with
the library believe that it is hung.
2. `ctest -V` shows verbose output; showing suite names is helpful for
giving users more feedback immediately.
libgit2 is a mere consumer of changes which are trickling down from the
upstream git.git project. This commit documents the ramifications caused
by this relation.
deps/regex was included in Android build because Android NDK 4 has
a packaging bug and doesn't have the regular expression functions defined
in its libc.so. The bug has been fixed in subsequent Android NDK releases.
If it is still necessary to work around the bug in Android NDK 4, we
should consider to use an option like ANDROID_NDK_RELEASE or
ANDROID_NDK_RELEASE_NUM.
