From 69d15a7a51a096b6acf00ccf23e1b988076d3b5f Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Mon, 1 Jan 2024 10:43:13 +0000 Subject: [PATCH 3/4] doc: various updates and disclaimers Covering my ass from draconian legislation. --- HACKING | 13 +++++++++---- README | 9 +++++++++ TODO | 4 +--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/HACKING b/HACKING index 5aca83e..777e75e 100644 --- a/HACKING +++ b/HACKING @@ -6,6 +6,8 @@ Like Mongrel, we use Ruby where it makes sense, and Ragel with C where it helps performance. All of the code that actually runs your Rack application is written Ruby, Ragel or C. +Ragel may be dropped in favor of a picohttpparser-based one in the future. + As far as tests and documentation goes, we're not afraid to embrace Unix and use traditional Unix tools where they make sense and get the job done. @@ -16,6 +18,9 @@ Tests are good, but slow tests make development slow, so we make tests faster (in parallel) with GNU make (instead of Rake) and avoiding RubyGems. +New tests are written in Perl 5 and use TAP +to ensure stability and immunity from Ruby incompatibilities. + Users of GNU-based systems (such as GNU/Linux) usually have GNU make installed as "make" instead of "gmake". @@ -69,10 +74,10 @@ supported by the versions of Ruby we target. === Ragel Compatibility -We target the latest released version of Ragel and will update our code -to keep up with new releases. Packaged tarballs and gems include the -generated source code so they will remain usable if compatibility is -broken. +We target the latest released version of Ragel in Debian and will update +our code to keep up with new releases. Packaged tarballs and gems +include the generated source code so they will remain usable if +compatibility is broken. == Contributing diff --git a/README b/README index 84c0fdf..b60ed00 100644 --- a/README +++ b/README @@ -122,6 +122,7 @@ supported. Run `unicorn -h` to see command-line options. There is NO WARRANTY whatsoever if anything goes wrong, but {let us know}[link:ISSUES.html] and maybe someone can fix it. +No commercial support will ever be provided by the amateur maintainer. unicorn is designed to only serve fast clients either on the local host or a fast LAN. See the PHILOSOPHY and DESIGN documents for more details @@ -132,6 +133,14 @@ damage done to the entire Ruby ecosystem. Its unintentional popularity set Ruby back decades in parallelism, concurrency and robustness since it prolongs and proliferates the existence of poorly-written code. +unicorn hackers are NOT responsible for your supply chain security: +read and understand it yourself or get someone you trust to audit it. +Malicious commits and releases will be made if under duress. The only +defense you'll ever have is from reviewing the source code. + +No user or contributor will ever be expected to sacrifice their own +security by running JavaScript or revealing any personal information. + == Contact All feedback (bug reports, user/development dicussion, patches, pull diff --git a/TODO b/TODO index ebbccdc..a3b18fd 100644 --- a/TODO +++ b/TODO @@ -1,3 +1 @@ -* Documentation improvements - -* improve test suite +* improve test suite (port to Perl 5 for stability and maintainability)