[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Perl::Critic Tests

Hi Rob,

On Fri, Apr 14, 2017 at 10:47 PM, R. Ransbottom <..hidden..> wrote:
On Fri, Apr 14, 2017 at 09:09:18PM +0200, Erik Huelsmann wrote:
> As we are a webapp and as we pride ourselves in delivering secure code, I
> think we should live up to the promise by requiring the CERT secure coding
> standards to be applied -- at least as far as our new code goes. There may
> be a few points in the new code where we are currently violating the
> policies because we're "calling out" to old code. This definitely can't be
> the case for all of the listed violations. So, I think that *if* we need to
> allow a violation (and need to add a Critic suppression), we should *only*
> do that under the condition that there's a well documented explanation of
> why this is required.

It looks like a good set of critiques.

I can help silence the P::C beast.  Let me know.

You sure can. There's a list of policies to be done at https://github.com/ledgersmb/LedgerSMB/blob/master/xt/01.1-critic.t#L39

and the "hit counts" are here http://archive.ledgersmb.org/ledger-smb-devel/msg06581.html (new code) and here http://archive.ledgersmb.org/ledger-smb-devel/msg06586.html (old code).

Nick Prater is working "bottom to top" (lowest hitcount first) to address the policies. You could work top to bottom (your own preferred order of addressing them?); that way you two won't be in each other's way.

Thanks for the offer!

If you have any further questions, don't hesitate to ask!



http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Ledger-smb-devel mailing list