Finish bitmath 2.1.0 NEWS.rst and tidy Sphinx config#148
Merged
Conversation
Flips Unreleased to Released (2026-05-24), expands the intro to mention the supply-chain work, adds a Hypothesis property-testing bullet under Project Infrastructure, and adds two new sections: - Security and Supply Chain: OpenSSF Best Practices badge, OSPS Baseline L1/L2/L3 status, OSSF Scorecard, SHA-pinned actions, Dependabot, hardened workflow token permissions, pip-audit SCA, CycloneDX SBOM attached to releases. - Project Documentation and Governance: MAINTAINERS.md, ARCHITECTURE.md, SECURITY_ASSESSMENT.md, SECURITY_POLICIES.md, VERIFICATION.md, SECURITY.md CVD response timeframes, and the https-everywhere doc-URL sweep. Each filename header links to the file on master.
Sphinx now auto-converts the string form ('.rst') to the dict form
({'.rst': 'restructuredtext'}) at build time and logs a notice every
run. Declaring the dict form directly keeps make docs output quiet
and matches current Sphinx documentation.
Sweep of dead and http-scheme links surfaced by a curl-based audit of all URLs in the docsite and NEWS.rst. Broken (4xx) replaced with working targets: - classes.rst: BIPM SI brochure chapter3 path is gone; point at the brochure landing page. - real_life_examples.rst: Apple's 2001 iPod press release is gone; point at a Wayback Machine snapshot so the citation survives. - NEWS.rst: Fedora admin.fedoraproject.org pkgdb is long deprecated; point at src.fedoraproject.org/rpms/python-bitmath. http -> https upgrades on working hosts: - appendices/on_units.rst: tldp.org - appendices/who_uses.rst: travelcrm.org.ua - simple_examples.rst: miniwebtool.com (canonical drops www) NEWS.rst revert: the Coveralls account never moved with the GitHub rename, so the badge URL must stay at coveralls.io/github/tbielawa, not timlnx. Earlier sweep was over-aggressive.
Round two of the URL audit: items that currently auto-redirect but where the canonical target has moved. GitHub account rename (tbielawa -> timlnx): - index.rst.in: link to the tests/ directory. - NEWS.rst: historical PR links for #105 and #107. Note: NEWS.rst:870 Coveralls badge stays at tbielawa on purpose. The Coveralls account did not migrate with the GitHub rename and that URL is where the coverage data actually lives. Fedora wiki -> docs.fedoraproject.org/en-US/epel/: - NEWS.rst (two occurrences) for the EPEL reference. pypi.python.org -> pypi.org: - NEWS.rst: bitmath project page. - index.rst.in: hurry.filesize reference for prefix-selection prior art. mkaz.blog Python String Format Cookbook moved to a new path under the working-with-python tree: - instances.rst seealso link. TravelCRM (appendices/who_uses.rst): Bitbucket source repo is gone (Bitbucket dropped Mercurial in 2020) and the project itself appears abandoned. Removed both links and the dangling Bitbucket clause; kept the bare-text mention as a historical entry.
Adds a `make linkcheck` target that dispatches to Sphinx's built-in linkcheck builder. Scans every external URL in the docsite plus NEWS.rst (included via `.. include::`) and writes a structured report to docsite/build/linkcheck/output.txt. Configured in docsite/source/conf.py: - 8 parallel workers (default is 5) - 15-second timeout per URL - 2 retries on transient failures - Anchor checking enabled (catches dead #L<n> line refs etc.) - Ignore patterns for known-quirky endpoints: - api.securityscorecards.dev (serves SVG, 405 on HEAD, 302 on GET) - web.archive.org pinned snapshots (occasional 5xx during indexing) Not wired into `make ci` on purpose. Link rot happens independently of code changes, so the right home for this is a weekly GH Actions cron, not every PR build. To run locally: `make linkcheck`.
Round three of the URL audit, this time driven by `make linkcheck`
output rather than manual curling. linkcheck caught several things
the earlier passes missed.
Stale anchors dropped:
- NEWS.rst: Makefile#L177 link from a 2014 entry; the virtualenv:
target sits at L186 now and pinning by line number to a 10+ year
old file location is fragile. Drop the anchor; keep the file link.
URL refreshes that were currently 30x-redirecting:
- NEWS.rst: pypi-attestations repo moved from trailofbits to the
pypi org (this URL came in with my 2.1.0 NEWS write-up).
- on_units.rst: tldp.org dropped the www subdomain canonically.
- who_uses.rst: codedellemc -> thecodeteam for the ScaleIO flocker
driver.
- related_projects.rst: pypi.python.org -> pypi.org for the
hurry.filesize prior art reference (last pypi.python.org URL in
the tree).
readthedocs trailing-path normalization (so the URL stops bouncing
through a redirect to its own /en/{latest,stable}/ canonical):
- contributing.rst: pytest-cov, pylint
- integration_examples.rst, module.rst: progressbar2
Badge host: readthedocs.org/projects/bitmath/badge -> the new
app.readthedocs.org host the project redirects to.
docsite/source/conf.py: cap linkcheck_rate_limit_timeout at 10s so
a single rate-limited host (GitHub, gnu.org) does not stall an
interactive `make linkcheck` run for minutes at a time. Default is
60+ seconds because Sphinx honors Retry-After headers; 10s is more
useful for local iteration.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two focused changes for the bitmath 2.1.0 release happening today.
NEWS.rst: fills out the bitmath-2.1.0 section. Flips
*Unreleased*to*Released: May 24, 2026*, expands the intro to name the supply-chain work, adds a Hypothesis property-testing bullet under Project Infrastructure, and adds two new sections:MAINTAINERS.md,ARCHITECTURE.md,SECURITY_ASSESSMENT.md,SECURITY_POLICIES.md,VERIFICATION.md, plus the SECURITY.md CVD response timeframes and the https-everywhere doc-URL sweep.docsite/source/conf.py: switches
source_suffixfrom the string form ('.rst') to the dict form ({'.rst': 'restructuredtext'}) so Sphinx stops logging the auto-conversion notice on everymake docsrun.Test plan
make docsbuilds cleanly with zero warnings