Hi Rob,
On Fri, Apr 14, 2017 at 10:47 PM, R. Ransbottom <rir...@comcast.net> wrote:
> On Fri, Apr 14, 2017 at 09:09:18PM +0200, Erik Huelsmann wrote:
> >
> > As we are a webapp and as we pride ourselves on delivering secure code, I
> > think we should live up to the promise by requiring the CERT secure coding
> > standards to be applied -- at least as far as our new code goes. There may
> > be a few points in the new code where we are currently violating the
> > policies because we're "calling out" to old code. This definitely can't be
> > the case for all of the listed violations. So, I think that *if* we need to
> > allow a violation (and need to add a Critic suppression), we should *only*
> > do that under the condition that there's a well documented explanation of
> > why this is required.
>
> It looks like a good set of critiques.
>
> I can help silence the P::C beast. Let me know.
>
You sure can. There's a list of policies to be done at
https://github.com/ledgersmb/LedgerSMB/blob/master/xt/01.1-critic.t#L39
and the "hit counts" are here
http://archive.ledgersmb.org/ledger-smb-devel/msg06581.html (new code) and
here http://archive.ledgersmb.org/ledger-smb-devel/msg06586.html (old code).
Nick Prater is working "bottom to top" (lowest hitcount first) to address
the policies. You could work top to bottom (your own preferred order of
addressing them?); that way you two won't be in each other's way.
Thanks for the offer!
If you have any further questions, don't hesitate to ask!
--
Bye,
Erik.
http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
_______________________________________________
Ledger-smb-devel mailing list
Ledger-smb-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel