On 30/04/11 21:31, freenet.10.technomation at recursor.net wrote:
> I took *freenet-official* and ran it through Maven, findbugs and Sonar. I
> offlined a couple of screenshots (
> https://github.com/SebastianWeetabix/fred-maven/blob/master/freenetsonar1.png,
> https://github.com/SebastianWeetabix/fred-maven/blob/master/freenetsonar2.png),
> and the top five layers of the Sonar reports for builds 1362 thru 1367 at
> https://github.com/SebastianWeetabix/fred-maven/blob/master/Sonar.zip.
>

could you make a github gh-pages branch out of this? this would make it easier for people to view. (cloning your repo is 116MB.)

for example, http://freenet.github.com/fred-staging/api/

instructions are here (you want the 2nd lot of instructions): http://sebastianweetabix.github.com/

> Reading through the concern about potential poisoning of maven repo', and
> that could have some type of effect on a build that would get distributed,
> looking at the report, just like any app, the biggest security holes are the
> one that are introduced into the source code by accident: Logic errors;
> Faulty design; Lack of documentation; Brittle implementation. Sonar throws
> some light on these pre-existing inherent security issues. The repo
> poisoning issue is a canard - Maven checks the hashes and sig's, plus you
> can spec your own repo if you are that concerned. Also, the archives being
> used in Freenet are probably built using Maven.
>
> Another big plus with reorging the build, apart from making the structure
> easier to grok, simpler and more consistent to build (3K XML build file vs. > 20K
> XML build file, *contrib* would be trivial too), is that newbies can
> put their arms around it and start contributing quicker and with more
> confidence; There will be more eyes on the code, finding and weeding out the
> historic flaws, providing more velocity to the project.
>
> SW
>
> _______________________________________________
> Devl mailing list
> Devl at freenetproject.org
> http://freenetproject.org/cgi-bin/mailman/listinfo/devl

--
GPG: 4096R/5FBBDBCE
