Patrick,

All of the above are good

=indeed - am still digesting...


You could also use the following to check for known vulnerabilities
https://www.openhub.net/explore/projects

Thank you for this - I had forgotten about BlackDuck (have apparently fallen off their mailing list).

Will have to spend some time settling on some 'acceptable' metrics: just for fun and because it was the latest import I've typed* I tried PyYAML. It is reported as "Very Low Activity" and "6 months since last commit". Perhaps these are basically the same thing? Yet it is a widely used facility, and one (amongst many on PyPI) I wouldn't even question using...

However, putting such into a check-list would inform discussion at a code/system review, and enable anyone to interpret and perhaps express concern, the code-author to defend (with facts cf opinion or emotion), the team to consciously evaluate, etc. Excellent!


* code review showed that 'new guy' habitually litters his code with 'constants' and parameters, and for whom I've been developing a quick alternative 'suggestion' in preparation for our next discussion!

--
Regards,
=dn
_______________________________________________
python-uk mailing list
python-uk@python.org
https://mail.python.org/mailman/listinfo/python-uk
