vince kraemer wrote:
>> Rather than going deeper, I'd suggest going broader. Nearly every high
>> priority error is a real bug. Many of the medium priority errors require
>> more analysis and judgment to determine whether they're really errors.
>>
>> The "developer report" only addresses a subset of all the code in
>> GlassFish.
>> The "fancy report" (which is using FindBugs 1.3.6-rc1) still shows
>> lots of
>> high priority issues. No doubt some of them are in code that we don't
>> touch, and so should be excluded. But the rest should be addressed.
>
> If we are seeing high priority issues in the binary components that we
> are using... we should push the publishers to fix them. Especially the
> stuff that comes out of open source projects.
We need to be able to build everything we use from source.
That said, many of the modules will be built elsewhere and incorporated
into GlassFish as binary bundles.
For the stuff that doesn't actually come from the GlassFish community,
we should work with the upstream community to get the bugs fixed, but
we've also been willing to exclude bugs in those modules because it can
be difficult to convince people that it's worth their time to fix them.
For other modules that are part of the GlassFish community, we should
apply the same standards we use for the core GlassFish modules.
> Were is this 'fancy report' published?
Sorry, I meant to include the URL. Here's the page that references
both of them:
http://wikihome.sfbay.sun.com/glassfish/Wiki.jsp?page=Findbugs
>> And isn't it past time to integrate these two reports, possibly using the
>> Hudson FindBugs plugin?
>
> That makes sense to me.
>
> I thought Maven could generate a FindBugs report as part of its
> 'standard' build process... I thought it can make a whole site of
> reports that would help us keep track of the state of our code.
Yes, maven can do that. Generating the report isn't the important part.
The important part is tracking the changes over time and notifying
developers when they commit a change that introduces a bug.