[
https://issues.apache.org/jira/browse/OOZIE-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16048542#comment-16048542
]
Robert Kanter commented on OOZIE-2933:
--------------------------------------
Thanks for doing this [~Jan Hentschel], I hadn't realized that findbugs is so
old. A few minor things:
# Looks like there's an 3.1.0 RC3 now, released not long ago; we may as well
use that one. https://github.com/spotbugs/spotbugs/releases
# Please file a followup JIRA to update to 3.1.0 GA release once it's out.
It's best to not use RCs, but in this case I think it's okay. In any case, we
should try to update again once it's GA.
# The spotbugs website mentioned this "find-sec-bugs" plugin, which looks for
security bugs in Java web apps, which is essentially what Oozie is. It would
be great if we could add this plugin while we're here.
http://find-sec-bugs.github.io/ Feel free to file this as a followup JIRA if
you don't feel like working on it now though.
By the way, we typically only use ReviewBoard for large/complicated changes or
if someone asks. For simpler fixes, we don't usually bother.
> Switch from Findbugs to Spotbugs
> --------------------------------
>
> Key: OOZIE-2933
> URL: https://issues.apache.org/jira/browse/OOZIE-2933
> Project: Oozie
> Issue Type: Improvement
> Components: build
> Reporter: Jan Hentschel
> Assignee: Jan Hentschel
> Priority: Minor
> Attachments: OOZIE-2933-1.patch, oozie-findbugs-pre-commit.txt
>
>
> Because Findbugs hadn't a new release in some time other projects such as
> Hadoop and HBase already switched to Spotbugs. This ticket proposes to switch
> the current Findbugs implementation to Spotbugs, similar to the changes made
> to Hadoop and HBase.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
