Hi,
OK, I removed the NOSONAR comment from JDOException's printStackTrace
methods.
I see the point of not cluttering the code with NOSONAR comments. Just
for the discussion, there is one downside marking the issues in the web
UI: these settings are lost when we would switch to another sonarcloud
or sonarqube instance.
I doubt that sonarcloud is scanning the projects in oder to look for
false positives. I think we have to report them explicitly, if we want
to bring a false postive ti their attention.
In the case of the JDOException's printStackTrace methods I propose them
to resolved them as won't fix. The analysis is correct, we use a
parameter PrintStream for synchronization and in general this is not a
good idea. But here we do not want the PrintStream to be used in
parallel, so I think "Resolve as won't fix" is the better solution.
Regards Michael
Hi Til,
Marking the issue as false positive seems to be better than modifying the code.
I'm also thinking that SonarCloud might pay more attention to false positives
than to NOSONAR in the code...
Craig
On Dec 16, 2022, at 08:05, Tilmann<tilmann_...@gmx.de> wrote:
4. JIRA JDO-819 "Code quality analysis"
https://issues.apache.org/jira/browse/JDO-819
<https://issues.apache.org/jira/browse/JDO-819>
I forgot to mention, instead of '// NOSONAR' it is also easily possible
to mark problems as "false positive" in the web UI.
In my opinion this would be preferred over '// NOSONAR' because using
the web UI avoids cluttering the code with '// NOSONAR' statements.
Maybe something to discuss in the next meeting.
Best,
Til
On 16.12.22 16:49, Craig Russell wrote:
Attendees: Michael Bouschen, Tilmann Zäschke, Tobias Bouschen, Craig Russell
Next meeting: Thursday December 29 1100 PST 2000 CET
Agenda:
1. Derby vulnerability
Seehttps://issues.apache.org/jira/browse/DERBY-7147
<https://issues.apache.org/jira/browse/DERBY-7147>
No rush to upgrade Derby from 10.14.2 (current JDO dependency for tck) to
10.14.3 (fixed version). The tck does not use LDAP which is the attack vector.
AI Michael look into upgrading.
2. JIRA JDO-820: "Clean up copyright NOTICE and
references":https://issues.apache.org/jira/browse/JDO-820
Ist there anything left?
Nothing left. Resolved.
Which Fix Version do we want to use?
Next version whatever that is. 3.2.2 and 3.3
3. JIRA JDO-821: "Fix sonarcloud issues of type
Bugs"https://issues.apache.org/jira/browse/JDO-821
See PR #65:https://github.com/apache/db-jdo/pull/65
<https://github.com/apache/db-jdo/pull/65>
4. JIRA JDO-819 "Code quality analysis"https://issues.apache.org/jira/browse/JDO-819
<https://issues.apache.org/jira/browse/JDO-819>
Changes in PR#65 can be merged.
Tilmann is looking at the SonarCloud "security" issues. Seem to be innocuous.
Still more SonarCloud issues (code smell) to address. For example:
https://mx.akquinet.de/link?id=BAgAAABb9OSn1vfIQcIAAAC_H51M3PPC4kGHhS08O7AZGvxbxYmbyeOsFbBnKCsrqTv4paC17qVYZrqMpOr5KRcrrXQDm3lvFiNo11bzQdKPJkf3JkXYgKZ07VxoMnoFxgXCqMzowt3YXZYZtR7mTakRySOgk4g1dunhTTHu1LxSaieq3ZPLZH9T8hqGwg-9ukA-A3_RDrGE5dAqZ-VE2_cTfXVjw10VqLFw189pA7MDRA3F8lZaVvf1TPTfTKrT-QxK5HBtc0tzxeUwCpGgBaZlZw2 <https://mx.akquinet.de/link?id=BAgAAABb9OSn1vfIQcIAAAC_H51M3PPC4kGHhS08O7AZGvxbxYmbyeOsFbBnKCsrqTv4paC17qVYZrqMpOr5KRcrrXQDm3lvFiNo11bzQdKPJkf3JkXYgKZ07VxoMnoFxgXCqMzowt3YXZYZtR7mTakRySOgk4g1dunhTTHu1LxSaieq3ZPLZH9T8hqGwg-9ukA-A3_RDrGE5dAqZ-VE2_cTfXVjw10VqLFw189pA7MDRA3F8lZaVvf1TPTfTKrT-QxK5HBtc0tzxeUwCpGgBaZlZw2
>
Every subclass of JDOUserException smells. Not really an issue for us.
Anyone who looks into a SonarCloud issue should add a comment to the JDO-819
JIRA with the analysis and resolution and possibly a PR. At some point we may
close the issue after the items are low enough importance.
5. JIRA JDO-709 "Standardize field/property converters"
https://issues.apache.org/jira/browse/JDO-709 6. JIRA JDO-815 "Change headers on source files to use
https:// instead of http:// "https://issues.apache.org/jira/browse/JDO-815
<https://issues.apache.org/jira/browse/JDO-815>
Ready to resolve.
AI Craig resolve it.
7. JIRA JDO-822: "Verify compatibility with JDK
20"https://issues.apache.org/jira/browse/JDO-822
<https://issues.apache.org/jira/browse/JDO-822>
8. JIRA JDO-812 "Move to JDK 11 as the lowest supported version" https://issues.apache.org/jira/browse/JDO-812 9. Other issues
Action Items from weeks past: [Nov 23 2022] AI Tilmann see what else
is needed to have the analysis integrated into GitHub repo. [Nov 23
2022] AI Tilmann follow up with Andy/DataNucleus for his advice on
JDO-709. [Oct 20 2022] AI Craig update the JIRA JDO-709 to request a
test case using annotations and results of the test. [Dec 09 2021]
AI Craig: Try to contact all current/former participants in JDO
development and see if and how they want to be recognized on the JDO
and DB web sites.https://db.apache.org/whoweare.html [Oct 07 2021]
AI Craig send a private message to all JSR-243 Expert Group members
asking if they wish to continue. [Mar 25 2021] AI Craig: investigate "merging" papajdo and apache.clr accounts
[Oct 17 2014] AI Matthew any updates for "Modify specification to address NoSQL
datastores"https://issues.apache.org/jira/browse/JDO-651
Craig L Russell
c...@apache.org
Craig L Russell
c...@apache.org
