First, the point of the exclusion file is to "bless" warnings that, *by
design*, do not correspond with findbugs' set of default warnings. The
presumption is that findbugs actually does identify real or potential bugs,
and there should be no argument about whether this is true or not.

What we are discussing here is the *automatic* addition of entries to the
exclusion file. In general, that is a *bad practice*; however, for
expediency purposes that has been done a few times already. Such practice
should not be continued.

Every exclusion added to the exclude file should be accompanied by a comment
in the exclude file, and perhaps a comment in the source file as well,
indicating why the exclusion occurred.

If folks are uncomfortable with marking an exclusion for an entire method,
then they can mark the specific line of source as well; however, that is
problematic when line numbers change. I feel it is better to mark it for the
method even if there is a risk it will unintentionally apply to another line
(in the same method) than was intended.

If folks make their methods shorter, then this reduces the likelihood of an
unintentional exclusion. My personal criterion is that, in the general case,
a method should occupy no more than one screen (on your favorite text
editor).

G.

On Mon, Feb 21, 2011 at 12:35 PM, Andreas Delmelle <
andreas.delme...@telenet.be> wrote:

> On 21 Feb 2011, at 20:28, Andreas Delmelle wrote:
>
> > On 21 Feb 2011, at 19:15, Vincent Hennebert wrote:
> >
> >> If we solve issues raised by FindBugs by listing them in an ignore file,
> >> is there still a point to use FindBugs at all?
> >>
> >> It seems to me that some of those issues deserve to be fixed. They seem
> >> to point out genuine problems in the code.
> >
> > I was about to convey a similar sentiment.
> >
> > If we are only going to ignore potential bugs, the point of the whole
> > exercise seems totally lost.
>
> Note also that, IIUC, if you define an exclusion for a given bug type in
> the scope of a given method, future devs are free to introduce many more
> instances of that very same bug type in that same method, without ever
> noticing that they are doing something wrong --even if they do their due
> diligence and run FB before each commit?
>
> That just doesn't seem right. :-/
>
>
> Regards,
>
> Andreas
> ---
>
>
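
One way to enforce the "every exclusion carries a comment" rule from the message above is a check run before commit. This is an added example, not part of the thread or of the project's build. The sample filter file, its class and method names, and the function `audit_exclusions` are constructed for illustration, and flagging entries that have no `<Method>` element is an assumption that goes beyond what the message asks for.

```python
import xml.etree.ElementTree as ET
# Constructed sample exclude file; class and method names are illustrative.
SAMPLE = """<FindBugsFilter>
  <!-- Null return is part of the documented contract of lookup(). -->
  <Match>
    <Class name="org.example.Cache"/>
    <Method name="lookup"/>
    <Bug pattern="NP_NULL_ON_SOME_PATH"/>
  </Match>
  <Match>
    <Class name="org.example.Renderer"/>
    <Method name="paint"/>
    <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
  </Match>
  <!-- -->
  <Match>
    <Class name="org.example.Loader"/>
    <Bug pattern="EI_EXPOSE_REP"/>
  </Match>
</FindBugsFilter>"""

def audit_exclusions(xml_text):
    """Flag each <Match> with no comment directly before it or no <Method> scope."""
    # insert_comments=True (Python 3.8+) keeps XML comments as tree nodes.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    findings, justification = [], None
    for node in root:
        if node.tag is ET.Comment:
            justification = (node.text or "").strip()
            continue
        if node.tag == "Match":
            cls = node.find("Class")
            method = node.find("Method")
            bug = node.find("Bug")
            label = "{}#{} [{}]".format(
                cls.get("name") if cls is not None else "*",
                method.get("name") if method is not None else "*",
                bug.get("pattern") if bug is not None else "*")
            if not justification:  # missing or empty comment
                findings.append((label, "no justification comment"))
            if method is None:  # assumption: class-wide scope is too broad
                findings.append((label, "not scoped to a method"))
        justification = None  # a comment only covers the element right after it
    return findings

if __name__ == "__main__":
    for label, problem in audit_exclusions(SAMPLE):
        print(f"{label}: {problem}")
```
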
