Re: Coverity Scan

2014-05-19 Thread Corinna Vinschen
On May 17 21:58, David Stacey wrote:
 On 17/05/14 11:12, Corinna Vinschen wrote:
 On May 16 21:00, David Stacey wrote:
 OK - we're in! You can find our project page at
 https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails
 to Corinna and CGF inviting them to join the project ;-)
 I got no such mail.  You didn't try the account I'm using for the
 mailing list, I hope?  Please use my company address vinschen AT
 redhat DOT com.
 
 Apologies - another invitation sent to the correct e-mail address. Further
 apologies if I should have known your correct e-mail address already!
 
 I have no idea how this works. I had hoped I'd just get emails with the
 scan results, the less fancy the solution, the better. We can set this up
 using gpg encrypted mails, that would be the most elegant solution, IMHO.
 
 I could probably get Coverity Scan to ping you an e-mail if a new defect is
 introduced. It's probably best if you look at the web page above. Once you
 accept the invitation and log in, you'll see a button to view the defects.
 For each defect, you'll see the defect itself, along with the path that the
 analysis engine took to get there.
 [...]
 Well, the problem is that we're going to switch to git pretty soon, and
 that will slightly change the directory layout.  But basically, in the
 winsup dir, you see the subdirs
 
cygserver
cygwin
doc
lsaauth
testsuite
utils
 
 Of those you can ignore
 
doc
testsuite
 
 The other four would be natural groups, I think.  The toplevel and
 winsup dirs don't need to be scanned either.
 
 I've set up components for cygserver, cygwin, utils and newlib. There were
 no defects found in 'lsaauth' (which needs investigation in itself - I'll
 look at this).

A single source file.  Not much code.  There is at least *some*
non-0 probability that the code might be correct... I hope.

 If our directory structure is going to change when we move to
 git then that is OK - I'll remap the components at the point we move.
 However, be aware that reorganising things can confuse Coverity - if you
 sign off any warnings as 'won't fix' then they may reappear if the offending
 code is moved into a different class or file.

That's to be expected.

 You are aware that we need a copyright assignment from you if you'd like
 to provide patches, right? Please have a look at the Before you get
 started section of http://cygwin.com/contrib.html
 
 I'll limit my patches to the trivial kind that are ten lines or less. My
 present employer is amazingly supportive of the open source work that I do
 in my own time, and that boat doesn't need rocking.

Nevertheless, I'd be glad if you try.  This project is in desperate need
of developers getting their hands dirty.

 In theory, at the time of writing this, I'd suggest to include only cgf,
 yaakov, and me.
 
 I've sent an invitation to Yaakov also.

Thanks!  For the time being I already marked a single reported problem
as false positive.  I'll look into more at some later point.  I'll first
try to get a 1.7.29-3 with a few bugfixes out of the door.


Thanks,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




Re: Coverity Scan

2014-05-17 Thread Corinna Vinschen
Hi David,

On May 16 21:00, David Stacey wrote:
 On 25/04/14 16:53, Christopher Faylor wrote:
 On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
 On Apr 25 06:33, David Stacey wrote:
   Coverity Scan [1] is a commercial (paid for) static analysis tool, but
   they offer it to Open Source programmes for free. I was having a browse
   through the list of Open Source programmes using Coverity Scan, and
   noticed that Cygwin wasn't listed. Would there be any interest in
   analysing the cygwin1.dll source code on a fairly regular basis? If so,
   I would be happy to have a go at setting up an analysis job for Cygwin.
   I would imagine this would be of interest to CGF, Corinna and anyone
   else who regularly updates the Cygwin source code. Obviously, this is
   only worth doing if the analysis results are looked at and acted upon.
 Depends.  If the report contains lots of false positives, it's getting
 annoying pretty quickly.
 We use coverity at work.  It is annoying and it does have false positive
 but a lot of what look like false positives often turn out to be:  Oh,
 wait.  (#*($  Yeah.  That's a problem.
 
 If we could use coverity I'm sure it would be interesting if we can get
 it.
 
 OK - we're in! You can find our project page at
 https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails to
 Corinna and CGF inviting them to join the project ;-)

I got no such mail.  You didn't try the account I'm using for the
mailing list, I hope?  Please use my company address vinschen AT
redhat DOT com.

 It would be responsible of us to restrict access to known vulnerabilities,
 so please _don't_ ask for visibility of the scan results. I will leave it to
 CGF and Corinna to decide who we give access to and when.

I have no idea how this works.  I had hoped I'd just get emails with
the scan results, the less fancy the solution, the better.  We can
set this up using gpg encrypted mails, that would be the most elegant
solution, IMHO.

 There is still a little work to do in setting up the Coverity scan. The next
 step is to group the code into logical clusters, which Coverity calls
 Components. Typically, this is done on directories or other file groupings,
 and the tool allows you to concentrate on just one of these components at
 once. If you let me know what components you'd like, I'll set them up.

Well, the problem is that we're going to switch to git pretty soon, and
that will slightly change the directory layout.  But basically, in the
winsup dir, you see the subdirs

  cygserver
  cygwin
  doc
  lsaauth
  testsuite
  utils

Of those you can ignore 

  doc
  testsuite

The other four would be natural groups, I think.  The toplevel and
winsup dirs don't need to be scanned either.

 The Coverity build is being performed on one of my PCs at the moment. I'll
 try to do this at least weekly using a snapshot from the snapshots page.
 I'll also try to submit patches as and when time allows.

You are aware that we need a copyright assignment from you if you'd like
to provide patches, right?  Please have a look at the Before you get
started section of http://cygwin.com/contrib.html

 But if this is
 going to work then anyone who regularly contributes to the Cygwin source
 code will have to make use of the tool.

In theory, at the time of writing this, I'd suggest to include only cgf,
yaakov, and me.  Other people could join us on request, if they provide
patches to the Cygwin code base, or provided non-trivial patches in the
past.

 Finally, I'd like to thank Dakshesh Vyas at Coverity for allowing us to join
 the Scan programme.

Yes, that's nice.  I'm thanking him as well.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




Re: Coverity Scan

2014-05-17 Thread Corinna Vinschen
On May 16 16:03, Jeffrey Altman wrote:
 On 5/16/2014 4:00 PM, David Stacey wrote:
  OK - we're in! You can find our project page at
  https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails
  to Corinna and CGF inviting them to join the project ;-)
 
 gold star?

Sure.  Thanks David!


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




Re: Coverity Scan

2014-05-17 Thread David Stacey

On 17/05/14 11:12, Corinna Vinschen wrote:
 On May 16 21:00, David Stacey wrote:
  OK - we're in! You can find our project page at
  https://scan.coverity.com/projects/2250. Off the list, I've sent
  e-mails to Corinna and CGF inviting them to join the project ;-)

 I got no such mail.  You didn't try the account I'm using for the
 mailing list, I hope?  Please use my company address vinschen AT
 redhat DOT com.

Apologies - another invitation sent to the correct e-mail address.
Further apologies if I should have known your correct e-mail address
already!

 I have no idea how this works. I had hoped I'd just get emails with
 the scan results, the less fancy the solution, the better. We can set
 this up using gpg encrypted mails, that would be the most elegant
 solution, IMHO.

I could probably get Coverity Scan to ping you an e-mail if a new defect
is introduced. It's probably best if you look at the web page above.
Once you accept the invitation and log in, you'll see a button to view
the defects. For each defect, you'll see the defect itself, along with
the path that the analysis engine took to get there.

For example, consider the case of reading an uninitialised variable. The
trace would start at the point the variable is declared. You would see
the path taken through the code (e.g. taking the 'true' path of an 'if'
statement, or not executing a 'while' loop because the condition was
never satisfied) until you arrive at a line where the variable is read
without ever having been initialised. This is more useful than simply
complaining about reading an uninitialised variable: often these can be
logic errors, i.e. the coder didn't consider a certain scenario, or
thought that all paths through the code would initialise the variable at
some point. As Coverity shows you the path through the code (even
between functions), you see the hole in the logic.

  There is still a little work to do in setting up the Coverity scan. The next
  step is to group the code into logical clusters, which Coverity calls
  Components. Typically, this is done on directories or other file groupings,
  and the tool allows you to concentrate on just one of these components at
  once. If you let me know what components you'd like, I'll set them up.

 Well, the problem is that we're going to switch to git pretty soon, and
 that will slightly change the directory layout.  But basically, in the
 winsup dir, you see the subdirs

   cygserver
   cygwin
   doc
   lsaauth
   testsuite
   utils

 Of those you can ignore

   doc
   testsuite

 The other four would be natural groups, I think.  The toplevel and
 winsup dirs don't need to be scanned either.

I've set up components for cygserver, cygwin, utils and newlib. There
were no defects found in 'lsaauth' (which needs investigation in itself -
I'll look at this). If our directory structure is going to change when
we move to git then that is OK - I'll remap the components at the point
we move. However, be aware that reorganising things can confuse Coverity
- if you sign off any warnings as 'won't fix' then they may reappear if
the offending code is moved into a different class or file.

 You are aware that we need a copyright assignment from you if you'd
 like to provide patches, right? Please have a look at the Before you
 get started section of http://cygwin.com/contrib.html

I'll limit my patches to the trivial kind that are ten lines or less. My
present employer is amazingly supportive of the open source work that I
do in my own time, and that boat doesn't need rocking.

 In theory, at the time of writing this, I'd suggest to include only cgf,
 yaakov, and me.

I've sent an invitation to Yaakov also.

Cheers,

Dave.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
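
The path trace David describes in the message above, shown on a small constructed C program (an added example, not part of the thread and not Cygwin code; `struct account`, `find_uid` and the `uid_for_*` functions are hypothetical names). The numbered comments mark the steps a path-sensitive analyser would walk from the declaration to the uninitialised read, across a function call, followed by the version that handles the missed scenario.

```c
/* Added example: constructed code, not taken from the Cygwin sources. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct account { const char *name; int uid; };   /* hypothetical record type */

/* Helper: writes *uid_out only when a matching entry is found. */
int find_uid(const struct account *tab, size_t n, const char *name, int *uid_out)
{
    size_t i = 0;
    while (i < n) {                              /* [2] n == 0: loop body never runs      */
        if (strcmp(tab[i].name, name) == 0) {    /* [3] or: condition false on every pass */
            *uid_out = tab[i].uid;
            return 1;
        }
        i++;
    }
    return 0;                                    /* [4] returns without writing *uid_out  */
}

/* BEFORE: the author assumed find_uid() always initialises uid. */
int uid_for_flawed(const struct account *tab, size_t n, const char *name)
{
    int uid;                                     /* [1] declared without a value          */
    find_uid(tab, n, name, &uid);                /*     "not found" result is ignored     */
    return uid;                                  /* [5] read; indeterminate after [4]     */
}

/* AFTER: the "not found" scenario is handled, so every path defines the result. */
int uid_for_checked(const struct account *tab, size_t n, const char *name, int fallback)
{
    int uid = fallback;
    if (!find_uid(tab, n, name, &uid))
        return fallback;
    return uid;
}

int main(void)
{
    /* Constructed sample table. */
    const struct account tab[] = { { "alice", 1000 }, { "bob", 1001 } };

    printf("bob   -> %d\n", uid_for_checked(tab, 2, "bob", -1));
    printf("carol -> %d\n", uid_for_checked(tab, 2, "carol", -1));
    printf("empty -> %d\n", uid_for_checked(tab, 0, "alice", -1));
    /* uid_for_flawed(tab, 0, "alice") would follow [1]-[2]-[4]-[5]; it is
       deliberately not called here because that read is undefined. */
    return 0;
}
```

A report that only flagged line [5] would look like a false positive to someone who believes `find_uid()` always succeeds; the path through [2] or [3] to [4] is what shows the unhandled case.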



Re: Coverity Scan

2014-05-16 Thread David Stacey

On 25/04/14 16:53, Christopher Faylor wrote:
 On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
  On Apr 25 06:33, David Stacey wrote:
   Coverity Scan [1] is a commercial (paid for) static analysis tool, but
   they offer it to Open Source programmes for free. I was having a browse
   through the list of Open Source programmes using Coverity Scan, and
   noticed that Cygwin wasn't listed. Would there be any interest in
   analysing the cygwin1.dll source code on a fairly regular basis? If so,
   I would be happy to have a go at setting up an analysis job for Cygwin.

   I would imagine this would be of interest to CGF, Corinna and anyone
   else who regularly updates the Cygwin source code. Obviously, this is
   only worth doing if the analysis results are looked at and acted upon.

  Depends.  If the report contains lots of false positives, it's getting
  annoying pretty quickly.

 We use coverity at work.  It is annoying and it does have false positive
 but a lot of what look like false positives often turn out to be:  Oh,
 wait.  (#*($  Yeah.  That's a problem.

 If we could use coverity I'm sure it would be interesting if we can get
 it.


OK - we're in! You can find our project page at 
https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails 
to Corinna and CGF inviting them to join the project ;-)


It would be responsible of us to restrict access to known 
vulnerabilities, so please _don't_ ask for visibility of the scan 
results. I will leave it to CGF and Corinna to decide who we give access 
to and when.


There is still a little work to do in setting up the Coverity scan. The 
next step is to group the code into logical clusters, which Coverity 
calls Components. Typically, this is done on directories or other file 
groupings, and the tool allows you to concentrate on just one of these 
components at once. If you let me know what components you'd like, I'll 
set them up.


The Coverity build is being performed on one of my PCs at the moment. 
I'll try to do this at least weekly using a snapshot from the snapshots 
page. I'll also try to submit patches as and when time allows. But if 
this is going to work then anyone who regularly contributes to the 
Cygwin source code will have to make use of the tool.


Finally, I'd like to thank Dakshesh Vyas at Coverity for allowing us to 
join the Scan programme.


Cheers,

Dave.





Re: Coverity Scan

2014-05-16 Thread Jeffrey Altman
On 5/16/2014 4:00 PM, David Stacey wrote:
 OK - we're in! You can find our project page at
 https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails
 to Corinna and CGF inviting them to join the project ;-)

gold star?






Re: Coverity Scan

2014-04-25 Thread Corinna Vinschen
On Apr 25 06:33, David Stacey wrote:
 Coverity Scan [1] is a commercial (paid for) static analysis tool, but
 they offer it to Open Source programmes for free. I was having a browse
 through the list of Open Source programmes using Coverity Scan, and
 noticed that Cygwin wasn't listed. Would there be any interest in
 analysing the cygwin1.dll source code on a fairly regular basis? If so,
 I would be happy to have a go at setting up an analysis job for Cygwin.
 
 I would imagine this would be of interest to CGF, Corinna and anyone
 else who regularly updates the Cygwin source code. Obviously, this is
 only worth doing if the analysis results are looked at and acted upon.

Depends.  If the report contains lots of false positives, it's getting
annoying pretty quickly.

 There are some conditions associated with using Coverity Scan [2]. The
 one thing that jumps out is that our relationship with RedHat might be
 a stumbling block. We can but ask - the worst that can happen is that
 they politely decline.

They will.  #7 won't fly due to the buyout license clause.

 There have been a few hints on this list about a possible move from CVS
 to git. If such a move were on the cards then that should probably
 happen first - I wouldn't want the nugatory effort of getting this
 working from CVS only to have to change it almost immediately.

Yeah, I'm not exactly looking forward to it since I'm very familiar
with CVS or SVN, but have nothing but trouble with git.  But since
everybody else is so very happy with git, I guess I'll have to adapt.
Teeth-gnashingly.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




Fwd: Coverity Scan

2014-04-25 Thread Jan Nijtmans
2014-04-25 10:35 GMT+02:00 Corinna Vinschen:
 Yeah, I'm not exactly looking forward to it since I'm very familiar
 with CVS or SVN, but have nothing but trouble with git.  But since
 everybody else is so very happy with git, I guess I'll have to adapt.
 Teeth-gnashingly.

There are other alternatives than SVN and Git, you could try
Fossil: http://www.fossil-scm.org/

Jari Aalto made fossil version 1.28 available recently as
Cygwin/Cygwin64 package, which works fine. (Previous
builds had issues due to SQLite build problems, but those
are all fixed in this build). Highly recommended,
especially if you hate GIT (you are not the only one, really!),
I am using it extensively.

Regards,
Jan Nijtmans




Re: Coverity Scan

2014-04-25 Thread Corinna Vinschen
On Apr 25 11:10, Jan Nijtmans wrote:
 2014-04-25 10:35 GMT+02:00 Corinna Vinschen:
  Yeah, I'm not exactly looking forward to it since I'm very familiar
  with CVS or SVN, but have nothing but trouble with git.  But since
  everybody else is so very happy with git, I guess I'll have to adapt.
  Teeth-gnashingly.
 
 There are other alternatives than SVN and Git, you could try
 Fossil: http://www.fossil-scm.org/
 
 Jari Aalto made fossil version 1.28 available recently as
 Cygwin/Cygwin64 package, which works fine. (Previous
 builds had issues due to SQLite build problems, but those
 are all fixed in this build). Highly recommended,
 especially if you hate GIT (you are not the only one, really!),
 I am using it extensively.

Looks nice, but I'm not so sure there should run YA sccs on sourceware.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




Re: Coverity Scan

2014-04-25 Thread David Stacey

On 25/04/14 09:35, Corinna Vinschen wrote:
  There are some conditions associated with using Coverity Scan [2]. The
  one thing that jumps out is that our relationship with RedHat might be
  a stumbling block. We can but ask - the worst that can happen is that
  they politely decline.

 They will.  #7 won't fly due to the buyout license clause.

Would you like me to enquire anyway?

  There have been a few hints on this list about a possible move from CVS
  to git. If such a move were on the cards then that should probably
  happen first - I wouldn't want the nugatory effort of getting this
  working from CVS only to have to change it almost immediately.

 Yeah, I'm not exactly looking forward to it since I'm very familiar
 with CVS or SVN, but have nothing but trouble with git.  But since
 everybody else is so very happy with git, I guess I'll have to adapt.
 Teeth-gnashingly.


It might help ease your pain knowing that you can use github with a svn 
client (to a limited extent):

https://help.github.com/articles/support-for-subversion-clients

Dave.





Re: Coverity Scan

2014-04-25 Thread Corinna Vinschen
On Apr 25 13:19, David Stacey wrote:
 On 25/04/14 09:35, Corinna Vinschen wrote:
   There are some conditions associated with using Coverity Scan [2]. The
   one thing that jumps out is that our relationship with RedHat might be
   a stumbling block. We can but ask - the worst that can happen is that
   they politely decline.
 They will.  #7 won't fly due to the buyout license clause.
 
 Would you like me to enquire anyway?

Well, asking never hurts :)

   There have been a few hints on this list about a possible move from CVS
   to git. If such a move were on the cards then that should probably
   happen first - I wouldn't want the nugatory effort of getting this
   working from CVS only to have to change it almost immediately.
 Yeah, I'm not exactly looking forward to it since I'm very familiar
 with CVS or SVN, but have nothing but trouble with git.  But since
 everybody else is so very happy with git, I guess I'll have to adapt.
 Teeth-gnashingly.
 
 It might help ease your pain knowing that you can use github with a
 svn client (to a limited extent):
 https://help.github.com/articles/support-for-subversion-clients

Neat.  But I fear it's time to get used to the idea.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




GIT (was: Coverity Scan)

2014-04-25 Thread Jim Garrison
 -Original Message-
 Corinna Vinschen
 Sent: Friday, April 25, 2014 6:33 AM
   There have been a few hints on this list about a possible move from CVS
   to git. If such a move were on the cards then that should probably
   happen first - I wouldn't want the nugatory effort of getting this
   working from CVS only to have to change it almost immediately.
  Yeah, I'm not exactly looking forward to it since I'm very familiar
  with CVS or SVN, but have nothing but trouble with git.  But since
  everybody else is so very happy with git, I guess I'll have to adapt.
  Teeth-gnashingly.

I recently went through the same reluctant switch to Git from SVN.

I can tell you from personal experience that there's a period of disorientation 
when even the simplest tasks require a quick trip to Google.  And Git requires 
a major shift in your mental model of how things work. Instead of 2 places 
where stuff is (local and remote) there are now 4 (workspace, stage, local 
repo, remote repo).

HOWEVER... once you get over the learning hump you see that Git is MUCH better 
and allows much finer control over what's happening.  Plus, the online 
documentation is very good, and questions have been asked enough times that 
Google serves up good answers to just about any question.  If you have Cygwin/X 
installed, the git gui and gitk tools will make the transition easier.

I started learning Git in earnest back in December, and really started 
thinking in Git soon after.  Now, if I had to go back I would be disappointed.


Re: Coverity Scan

2014-04-25 Thread Christopher Faylor
On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
 On Apr 25 06:33, David Stacey wrote:
  Coverity Scan [1] is a commercial (paid for) static analysis tool, but
  they offer it to Open Source programmes for free. I was having a browse
  through the list of Open Source programmes using Coverity Scan, and
  noticed that Cygwin wasn't listed. Would there be any interest in
  analysing the cygwin1.dll source code on a fairly regular basis? If so,
  I would be happy to have a go at setting up an analysis job for Cygwin.

  I would imagine this would be of interest to CGF, Corinna and anyone
  else who regularly updates the Cygwin source code. Obviously, this is
  only worth doing if the analysis results are looked at and acted upon.

 Depends.  If the report contains lots of false positives, it's getting
 annoying pretty quickly.

We use coverity at work.  It is annoying and it does have false positive
but a lot of what look like false positives often turn out to be:  Oh,
wait.  (#*($  Yeah.  That's a problem.

If we could use coverity I'm sure it would be interesting if we can get
it.

cgf




Re: Coverity Scan

2014-04-25 Thread Christopher Faylor
On Fri, Apr 25, 2014 at 02:17:19PM +0200, Corinna Vinschen wrote:
 On Apr 25 11:10, Jan Nijtmans wrote:
  2014-04-25 10:35 GMT+02:00 Corinna Vinschen:
   Yeah, I'm not exactly looking forward to it since I'm very familiar
   with CVS or SVN, but have nothing but trouble with git.  But since
   everybody else is so very happy with git, I guess I'll have to adapt.
   Teeth-gnashingly.

  There are other alternatives than SVN and Git, you could try
  Fossil: http://www.fossil-scm.org/

  Jari Aalto made fossil version 1.28 available recently as
  Cygwin/Cygwin64 package, which works fine. (Previous
  builds had issues due to SQLite build problems, but those
  are all fixed in this build). Highly recommended,
  especially if you hate GIT (you are not the only one, really!),
  I am using it extensively.

 Looks nice, but I'm not so sure there should run YA sccs on sourceware.

Right.

cgf




Re: GIT (was: Coverity Scan)

2014-04-25 Thread Corinna Vinschen
On Apr 25 15:24, Jim Garrison wrote:
  Corinna Vinschen
   Yeah, I'm not exactly looking forward to it since I'm very familiar
   with CVS or SVN, but have nothing but trouble with git.  But since
   everybody else is so very happy with git, I guess I'll have to adapt.
   Teeth-gnashingly.
 
 I recently went through the same reluctant switch to Git from SVN.
 
 I can tell you from personal experience that there's a period of 
 disorientation when even the simplest tasks require a quick trip to Google.  
 And Git requires a major shift in your mental model of how things work. 
 Instead of 2 places where stuff is (local and remote) there are now 4 
 (workspace, stage, local repo, remote repo).
 
 HOWEVER... once you get over the learning hump you see that Git is MUCH 
 better and allows much finer control over what's happening.  Plus, the online 
 documentation is very good, and questions have been asked enough times that 
 Google serves up good answers to just about any question.  If you have 
 Cygwin/X installed, the git gui and gitk tools will make the transition 
 easier.
 
 I started learning Git in earnest back in December, and really started 
 thinking in Git soon after.  Now, if I had to go back I would be 
 disappointed.

Yeah, I'm trying to get a grip via the book http://git-scm.com/book/


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




Re: Coverity Scan

2014-04-25 Thread David Arnstein
On Fri, Apr 25, 2014 at 11:53:24AM -0400, Christopher Faylor wrote:
 We use coverity at work.  It is annoying and it does have false positive
 but a lot of what look like false positives often turn out to be:  Oh,
 wait.  (#*($  Yeah.  That's a problem.

I use Coverity as well, and I find it to be excellent. The latest version
finds copy and paste errors. In particular, it recently issued two
complaints about such errors. In both cases, Coverity was correct, a
developer really had done copy-and-paste twice, introducing an error
each time.




Re: GIT (was: Coverity Scan)

2014-04-25 Thread Reini Urban
On Fri, Apr 25, 2014 at 11:22 AM, Corinna Vinschen wrote:
 On Apr 25 15:24, Jim Garrison wrote:
  Corinna Vinschen
   Yeah, I'm not exactly looking forward to it since I'm very familiar
   with CVS or SVN, but have nothing but trouble with git.  But since
   everybody else is so very happy with git, I guess I'll have to adapt.
   Teeth-gnashingly.

 I recently went through the same reluctant switch to Git from SVN.

 I can tell you from personal experience that there's a period of 
 disorientation when even the simplest tasks require a quick trip to Google.  
 And Git requires a major shift in your mental model of how things work. 
 Instead of 2 places where stuff is (local and remote) there are now 4 
 (workspace, stage, local repo, remote repo).
...
 Yeah, I'm trying to get a grip via the book http://git-scm.com/book/

Only experience helps.
I needed about a year to not lose too many changes after the switch
from svn to git, but feeling very happy now.
It helps having backups for the beginning if you try out rebase or
reset --hard or git pull --force.




Re: GIT (was: Coverity Scan)

2014-04-25 Thread Andrey Repin
Greetings, Jim Garrison!

 -Original Message-
 Corinna Vinschen
 Sent: Friday, April 25, 2014 6:33 AM
   There have been a few hints on this list about a possible move from CVS
   to git. If such a move were on the cards then that should probably
   happen first - I wouldn't want the nugatory effort of getting this
   working from CVS only to have to change it almost immediately.
  Yeah, I'm not exactly looking forward to it since I'm very familiar
  with CVS or SVN, but have nothing but trouble with git.  But since
  everybody else is so very happy with git, I guess I'll have to adapt.
  Teeth-gnashingly.

 I recently went through the same reluctant switch to Git from SVN.

 I can tell you from personal experience that there's a period of
 disorientation when even the simplest tasks require a quick trip to Google.
 And Git requires a major shift in your mental model of how things work.
 Instead of 2 places where stuff is (local and remote) there are now 4
 (workspace, stage, local repo, remote repo).

 HOWEVER... once you get over the learning hump you see that Git is MUCH
 better and allows much finer control over what's happening.

This is exactly what makes me dislike it strongly. This, and idiotic model of
copying whole repository to my machine, when I only want to glance at the
source code, and find the culprit of my current issues.
I've spent 3 hours downloading a 200Mb repo of a project, where the Subversion
client pulled 4 or 5Mb HEAD of it in like 10 minutes, once I realized what an
idiotic weight I pulled and went to google to see if it can be done better.
And fine control doesn't mix with project consistency at all.
Subversion is aimed at versioning of a whole project, in a supposedly
consistent state at each version. What can be more fine than this, is beyond
my understanding.
You can still commit separate files from working copy, though, but this
practice is discouraged for the greater good of the project you develop.

 Plus, the online documentation is very good, and questions have been asked
 enough times that Google serves up good answers to just about any question.
 If you have Cygwin/X installed, the git gui and gitk tools will make the
 transition easier.

 I started learning Git in earnest back in December, and really started
 thinking in Git soon after.  Now, if I had to go back I would be
 disappointed.  


--
WBR,
Andrey Repin (anrdae...@yandex.ru) 26.04.2014, 03:19

Sorry for my terrible english...





Re: GIT (was: Coverity Scan)

2014-04-25 Thread JonY
On 4/26/2014 07:27, Andrey Repin wrote:
 This is exactly what makes me dislike it strongly. This, and idiotic model of
 copying whole repository to my machine, when I only want to glance at the
 source code, and find the culprit of my current issues.
 I've spent 3 hours downloading a 200Mb repo of a project, where the Subversion
 client pulled 4 or 5Mb HEAD of it in like 10 minutes, once I realized what an
 idiotic weight I pulled and went to google to see if it can be done better.
 And fine control doesn't mix with project consistency at all.
 Subversion is aimed at versioning of a whole project, in a supposedly
 consistent state at each version. What can be more fine than this, is beyond
 my understanding.

git clone --depth 1 if you don't care about history.

 You can still commit separate files from working copy, though, but this
 practice is discouraged for the greater good of the project you develop.
 

Don't you need to git add individual files to mark for commit? Won't you
get into the same problems if you forgot to commit files in SVN?







Re: GIT (was: Coverity Scan)

2014-04-25 Thread Duncan Roe
On Sat, Apr 26, 2014 at 08:42:34AM +0800, JonY wrote:
 On 4/26/2014 07:27, Andrey Repin wrote:
  This is exactly what makes me dislike it strongly. This, and idiotic model of
  copying whole repository to my machine, when I only want to glance at the
  source code, and find the culprit of my current issues.
  I've spent 3 hours downloading a 200Mb repo of a project, where the Subversion
  client pulled 4 or 5Mb HEAD of it in like 10 minutes, once I realized what an
  idiotic weight I pulled and went to google to see if it can be done better.
  And fine control doesn't mix with project consistency at all.
  Subversion is aimed at versioning of a whole project, in a supposedly
  consistent state at each version. What can be more fine than this, is beyond
  my understanding.

 git clone --depth 1 if you don't care about history.

  You can still commit separate files from working copy, though, but this
  practice is discouraged for the greater good of the project you develop.
 

 Don't you need to git add individual files to mark for commit? Won't you
 get into the same problems if you forgot to commit files in SVN?



git commit -a commits modified files without the need to add them first.
You always have to add new files.




Coverity Scan

2014-04-24 Thread David Stacey

Coverity Scan [1] is a commercial (paid for) static analysis tool, but
they offer it to Open Source programmes for free. I was having a browse
through the list of Open Source programmes using Coverity Scan, and
noticed that Cygwin wasn't listed. Would there be any interest in
analysing the cygwin1.dll source code on a fairly regular basis? If so,
I would be happy to have a go at setting up an analysis job for Cygwin.

I would imagine this would be of interest to CGF, Corinna and anyone
else who regularly updates the Cygwin source code. Obviously, this is
only worth doing if the analysis results are looked at and acted upon.

There are some conditions associated with using Coverity Scan [2]. The
one thing that jumps out is that our relationship with RedHat might be
a stumbling block. We can but ask - the worst that can happen is that
they politely decline.

There have been a few hints on this list about a possible move from CVS
to git. If such a move were on the cards then that should probably
happen first - I wouldn't want the nugatory effort of getting this
working from CVS only to have to change it almost immediately.

Any thoughts?

Dave.

[1] - https://scan.coverity.com/
[2] - https://scan.coverity.com/faq#how-get-project-included-in-scan

