Aggregated news from external sources
Static analysis programs are quite useful, but also prone to false positives.
It’s really hard to keep track of static analysis failures on a fairly large
project. We’ve looked at several approaches in the past. The one that we used
to do was to publish a report every day which people could look at if they
wished. This guaranteed that nobody looked at it. Despite knowing where to
look for it, even I barely looked at it.
The second approach was to run them twice, before your patch is merged and
after your patch is merged in. If the count goes up with your patch, the test
fails. This has a problem that it doesn’t account for false positives. An
argument could be made that you could go fix another static analysis failure in
your patch. But that means your patch now does two things, which isn’t fun for
when you want to do a backport, for instance. Or even for history purposes.
That’s landing two unrelated changes in one patch.
The approach that we’ve now gone with is to have them run on a nightly basis
with Jenkins. Deepshika did almost all the work for this and wrote about it on
her blog. It has more details on the actual implementation. This
puts all the results in one place for everyone to take a look at. Jenkins also
gives us a visual view of what changed over the course of time, which wasn’t as
easy in the past.
She’s working on further improving the visual look by uniting all the jobs that
are tied to static analysis. That way, we’ll have a nightly pipeline run for
each branch that will put all the tests we care about for a particular branch
in one place.
Source: nigelb (Static Analysis for Gluster)
Announcing mountpoint, August 27-28, 2018 Our inaugural software-defined storage conference combining Gluster, Ceph and other projects! More details at: http://lists.gluster.org/pipermail/gluster-users/2018-May/034039.html CFP at: http://mountpoint.io/ – closes June 15 Gluster Summit Videos – All our available videos (and slides) from Gluster Summit 2017 are up! Check out the GlusterCommunity YouTube homepage...
Announcing mountpoint, August 27-28, 2018 Our inaugural software-defined storage conference combining Gluster, Ceph and other projects! More details at: http://lists.gluster.org/pipermail/gluster-users/2018-May/034039.html CFP at: http://mountpoint.io/ Out of cycle updates for all maintained Gluster versions: New updates for 3.10, 3.12 and 4.0 http://lists.gluster.org/pipermail/announce/2018-April/000098.html Project Technical Leadership Council Announced http://lists.gluster.org/pipermail/announce/2018-April/000094.html Gluster...
The Gluster community has released an out-of-normal-cadence release for Gluster 3.10, 3.12, and 4.0 that resolves a CVE that has been classified as Important. A privilege escalation flaw was found in the gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage...