On 02/05/11 19:28, Ximin Luo wrote:
> On 02/05/11 19:23, Ximin Luo wrote:
>> On 30/04/11 21:31, freenet.10.technomation at recursor.net wrote:
>>> I took *freenet-official* and ran it through Maven, findbugs and Sonar. I
>>> offlined a couple of screenshots (
>>> https://github.com/SebastianWeetabix/fred-maven/blob/master/freenetsonar1.png,
>>> https://github.com/SebastianWeetabix/fred-maven/blob/master/freenetsonar2.png),
>>> and the top five layers of the Sonar reports for builds 1362 thru 1367 at
>>> https://github.com/SebastianWeetabix/fred-maven/blob/master/Sonar.zip.
>>>
>>
>> could you make a github gh-pages branch out of this? this would make it
>> easier for people to view. (cloning your repo is 116MB.) for example,
>>
>> http://freenet.github.com/fred-staging/api/
>>
>> instructions are here (you want the 2nd lot of instructions):
>>
>> http://sebastianweetabix.github.com/
>>
>
> ah... i see why it's 116MB now - 987MB uncompressed. if github doesn't give
> you that much free space, never mind. i will upload it to freenetproject
> servers.
>

HTTrack hasn't done a good job of mirroring the localhost site. A lot of the
links don't work, some point to 127.0.0.1:9000, and i'm guessing that most of
the 987MB are dangling pages that can't be reached from the front page.

in short, Sonar.zip isn't usable. a shame. :(

>>> Reading through the concern about potential poisoning of maven repo', and
>>> that could have some type of effect on a build that would get distributed,
>>> looking at the report, just like any app, the biggest security holes are the
>>> one that are introduced into the source code by accident: Logic errors;
>>> Faulty design; Lack of documentation; Brittle implementation. Sonar throws
>>> some light on these pre-existing inherent security issues. The repo
>>> poisoning issue is a canard - Maven checks the hashes and sig's, plus you
>>> can spec your own repo if you are that concerned. Also, the archives being
>>> used in Freenet are probably built using Maven.
>>>
>>> Another big plus with reorging the build, apart from making the structure
>>> easier to grok, simpler and more consistent to build (3K XML build file vs.
>>> >20K XML build file, *contrib* would be trivial too), is that newbies can
>>> put their arms around it and start contributing quicker and with more
>>> confidence; There will be more eyes on the code, finding and weeding out the
>>> historic flaws, providing more velocity to the project.
>>>
>>> SW

-- 
GPG: 4096R/5FBBDBCE
