On 02/05/11 19:23, Ximin Luo wrote:
> On 30/04/11 21:31, freenet.10.technomation at recursor.net wrote:
>> I took *freenet-official* and ran it through Maven, findbugs and Sonar. I
>> offlined a couple of screenshots (
>> https://github.com/SebastianWeetabix/fred-maven/blob/master/freenetsonar1.png,
>> https://github.com/SebastianWeetabix/fred-maven/blob/master/freenetsonar2.png),
>> and the top five layers of the Sonar reports for builds 1362 thru 1367 at
>> https://github.com/SebastianWeetabix/fred-maven/blob/master/Sonar.zip.
>>
>
> could you make a github gh-pages branch out of this? this would make it easier
> for people to view. (cloning your repo is 116MB.) for example,
>
> http://freenet.github.com/fred-staging/api/
>
> instructions are here (you want the 2nd lot of instructions):
>
> http://sebastianweetabix.github.com/
>
ah... i see why it's 116MB now - 987MB uncompressed. if github doesn't give you
that much free space, never mind. i will upload it to freenetproject servers.

>> Reading through the concern about potential poisoning of maven repo, and
>> that could have some type of effect on a build that would get distributed,
>> looking at the report, just like any app, the biggest security holes are the
>> ones that are introduced into the source code by accident: Logic errors;
>> Faulty design; Lack of documentation; Brittle implementation. Sonar throws
>> some light on these pre-existing inherent security issues. The repo
>> poisoning issue is a canard - Maven checks the hashes and sigs, plus you
>> can spec your own repo if you are that concerned. Also, the archives being
>> used in Freenet are probably built using Maven.
>>
>> Another big plus with reorging the build, apart from making the structure
>> easier to grok, simpler and more consistent to build (3K XML build file vs.
>>> 20K XML build file, *contrib* would be trivial too), is that newbies can
>> put their arms around it and start contributing quicker and with more
>> confidence; There will be more eyes on the code, finding and weeding out the
>> historic flaws, providing more velocity to the project.
>>
>> SW

--
GPG: 4096R/5FBBDBCE
