It had no implementation for years - since 456e5446.

(cherry picked from commit 59126a77)
The commit was apparently "reverted" unintentionally when resolving
conflicts in a5b14c25.

- no need to have gitter twice
- update information about modules (one cache, no alternative backends)
- add EPEL 7
- add mailing-list
- link to stable docs instead of latest master

Detected by clang as dead store.

Just loading the module without option was printing that it expected
number of milliseconds, which could've been confusing.

This happens e.g. after cache.clear(), and currently one can stay
long-term without that record in cache.  That was effectively disabling
aggressive answers from the root zone.

This needs disabling a buggy part of Deckard test.

It mostly worked, just by accident.
I see no use for negative initialization in this case.

There's no real effect, probably.

Symlinks are pointing to broken locations with the way we generate
source tarballs. Dereference them to avoid this issue.

Daniel Kahn Gillmor authored 7 years ago and Vladimír Čunát committed 7 years ago

"man man" says that the sections are:

       1   Executable programs or shell commands
       2   System calls (functions provided by the kernel)
       3   Library calls (functions within program libraries)
       4   Special files (usually found in /dev)
       5   File formats and conventions eg /etc/passwd
       6   Games
       7   Miscellaneous  (including  macro  packages  and  conventions), e.g.
           man(7), groff(7)
       8   System administration commands (usually only for root)
       9   Kernel routines [Non standard]

Since there is no command named kresd.system it does not belong in
section 8.

Section 7 includes conventions and useful patterns like gitcli(7),
which seems more similar to the documentation that is supplied in
kresd.systemd.

Verbose logging should be used for debugging purposes, as it generates a
lot of output. It shouldn't be turned on by default for normal mode of
operation.

ci: respdiff - use ipv4, increase timeout, collect kresd.log

See merge request !473

This reverts threshold that was bumped in
commit de7a4a96.

This decreases the amount of timeouts, which become SERVFAILs instead.
Overall, this results in more valid answers.

IPv6 isn't currently supported in our Docker image and using
it during resolution leads to a larger amount of timeouts.

To be able to use development version tarballs for creating distro
packages for Fedora/CentOS, the pre-release name can't contain
hyphens.

systemd: fixes for unit files

See merge request !476

The Service directives belong to the Socket section. Otherwise,
systemd fails to find the associated service and the socket can't start.

tls_client: fix error message logging

See merge request !478

tls_client: compatibility for older gnutls version

See merge request !475

Tomas Krizek authored 7 years ago and Grigorii Demidov committed 7 years ago

When older gnutls version is used, make sure not to use undeclared
symbols or functions.

drop world-executable permissions on /run/knot-resolver

See merge request !477

It's not clear why anyone other that the superuser needs to be able to
descend into /run/knot-resolver, so we should drop this extra
permission.

it appears to have been added
e0f33604, but the log message for that
commit doesn't explain why the permission needs to be loosened.

The main situation that calls for executable but not readable
directories is when a directory contains something at a known location
that everyone must be able to reach, but also contains some sensitive
file with a name that itself is unguessable (i.e. high entropy
string).  That doesn't appear to be the case here.

By principle of least privilege, we should leave it locked down unless
there's a clear justification for opening it up.