[
https://issues.apache.org/jira/browse/OOZIE-1986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15539022#comment-15539022
]
Attila Sasvari commented on OOZIE-1986:
---------------------------------------
Downloading a jar from a remote git repo like
https://github.com/adjohnson916/findbugs-diff/ and using it without any
validation is insecure.
In addition, I do not see any licensing information for the project, and as far
as I know "code without an explicit license is protected by copyright and is by
default All Rights Reserved" (at least on GitHub, according to
http://www.infoworld.com/article/2615869/open-source-software/github-needs-to-take-open-source-seriously.html).
> Add FindBugs report to pre-commit build
> ---------------------------------------
>
> Key: OOZIE-1986
> URL: https://issues.apache.org/jira/browse/OOZIE-1986
> Project: Oozie
> Issue Type: Bug
> Components: tests
> Reporter: Robert Kanter
> Assignee: Andras Piros
> Fix For: 5.0.0
>
> Attachments: OOZIE-1986.001.patch, OOZIE-1986.002.patch
>
>
> Now that we have OOZIE-1793, it will be really useful to have the pre-commit
> build generate a findbugs report. It should probably run before and after the
> patch and only complain if there are more after. And it should link to the
> report. Ideally, this would do some kind of diff (like Hadoop does) so it's
> easy to identify the new findbugs items.
> You can generate the findbugs reports by running:
> {noformat}
> mvn verify -DskipTests
> {noformat}
> This also runs checkstyle
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
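
Added example, not part of the original comment or of Oozie's pre-commit scripts: one way to address the validation concern is a fail-closed gate that checks a downloaded jar against a SHA-256 value pinned in the repository before anything executes it. The function names are hypothetical, and the pinned digest must be recorded by the maintainers from a reviewed copy of the jar.

```shell
#!/bin/sh
# Added example: integrity gate for a jar fetched by a build script.
# sha256_of and verify_artifact are hypothetical helper names.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    return 2   # no hashing tool: the caller must treat this as failure
  fi
}

# verify_artifact FILE PINNED_SHA256
# Returns 0 only on an exact match, 1 on a missing or mismatching file,
# 2 when the check itself cannot be performed (bad pin, no hashing tool).
verify_artifact() {
  va_file="$1"
  va_pin="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  # Refuse an empty, truncated or non-hex pin instead of comparing against it.
  case "$va_pin" in
    ''|*[!0-9a-f]*) echo "verify_artifact: malformed pin" >&2; return 2 ;;
  esac
  [ "${#va_pin}" -eq 64 ] || { echo "verify_artifact: malformed pin" >&2; return 2; }
  [ -f "$va_file" ] || { echo "verify_artifact: $va_file not found" >&2; return 1; }
  va_actual="$(sha256_of "$va_file")" || { echo "verify_artifact: cannot hash" >&2; return 2; }
  if [ "$va_actual" != "$va_pin" ]; then
    echo "verify_artifact: checksum mismatch for $va_file" >&2
    echo "  expected $va_pin" >&2
    echo "  actual   $va_actual" >&2
    rm -f -- "$va_file"   # remove it so a later step cannot run it by accident
    return 1
  fi
  return 0
}

# Command-line use: script.sh path/to/downloaded.jar <pinned-sha256>
if [ "$#" -eq 2 ]; then
  verify_artifact "$1" "$2"
fi
```

A pinned digest only proves the jar is the same one that was reviewed; it says nothing about whether that jar is trustworthy or properly licensed.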