Excerpts from Cyril Roelandt's message of 2015-11-03 16:46:25 +0100:
> On 11/02/2015 07:32 PM, Davanum Srinivas wrote:
> >
> > If we can add this command directly in our tox.ini and entirely avoid
> > having the bandit.yaml would that be even better?
>
> Why not, but it'd have some drawbacks as we
On Tue, Nov 3, 2015 at 9:41 AM, Cyril Roelandt wrote:
> On 11/02/2015 07:40 PM, Brant Knudson wrote:
>
>>
>> We could use something like this in keystone since we've got a few
>> repositories. There should be a way to document why the test was skipped
>> since otherwise we'll have to figure it ou
Hi Cyril,
This is a really cool idea. It should be fairly easy to implement and
can only help make Bandit more usable. To be honest enhancing the way
we're using the 'bandit.yaml' file has been on our list for a while.
A tool like this seems like it would be a nice intermediate solution
until w
On 11/02/2015 07:32 PM, Davanum Srinivas wrote:
If we can add this command directly in our tox.ini and entirely avoid
having the bandit.yaml would that be even better?
Why not, but it'd have some drawbacks as well:
- should the conf generator be broken for some reason, the gate may end
up be
On 11/02/2015 07:40 PM, Brant Knudson wrote:
We could use something like this in keystone since we've got a few
repositories. There should be a way to document why the test was skipped
since otherwise we'll have to figure it out every time we update the
file. Putting a comment on the command lin
On 11/03/2015 10:50 AM, Victor Stinner wrote:
Hi,
I don't like very long command lines, it's hard to document them or
comment them. I prefer configuration files. But bandit.yaml, the
"template", is already a configuration file!?
Yes, the config file provided by bandit is some kind of "enable
On 02/11/2015 19:40, Brant Knudson wrote:
(...) by typing something like:
$ bandit-conf-generator --disable try_except_pass --out bandit.yaml
oslo.messaging ~/openstack/bandit/bandit/config/bandit.yaml
(...) we should have a config file for bandit-conf-generator...
but then why not
On Mon, Nov 2, 2015 at 12:22 PM, Cyril Roelandt wrote:
> Hello,
>
> The libraries from the Oslo project are used everywhere in OpenStack,
> which means that a security issue in Oslo code might have an impact on a
> lot of other projects. This is why I am currently trying to add support
> for the
Cyril,
If we can add this command directly in our tox.ini and entirely avoid
having the bandit.yaml would that be even better?
-- Dims
On Mon, Nov 2, 2015 at 1:22 PM, Cyril Roelandt wrote:
> Hello,
>
> The libraries from the Oslo project are used everywhere in OpenStack,
> which means that a s
Hello,
The libraries from the Oslo project are used everywhere in OpenStack,
which means that a security issue in Oslo code might have an impact on a
lot of other projects. This is why I am currently trying to add support
for the bandit[1] static checker in all of the Oslo libraries.
While re
10 matches