[Announcement] New mailing list for code quality tools including Flake8, Pyflakes and Pep8
Hello, There's a new mailing-list related to Python code-quality tools. Are you concerned about the evolution of various code checkers? Do you have questions or suggestions? Subscribe here: http://mail.python.org/mailman/listinfo/code-quality Best regards, Ian
Hi, Are you planning to cover the code quality of the interpreter itself too? I've been recently reading through the cert.org secure coding practice recommendations and was wondering if there has is any ongoing effort to perform static analysis on the cpython codebase. Thanks, Alfredo On Wed, Apr 3, 2013 at 4:24 PM, Ian Cordasco <graffatcolmingov@gmail.com> wrote:
Hello,
There's a new mailing-list related to Python code-quality tools.
Are you concerned about the evolution of various code checkers? Do you have questions or suggestions?
Subscribe here: http://mail.python.org/mailman/listinfo/code-quality
Best regards, Ian _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/asolano%40icai.es
Are you planning to cover the code quality of the interpreter itself too? I've been recently reading through the cert.org secure coding practice recommendations and was wondering if there has is any ongoing effort to perform static analysis on the cpython codebase.
AFAICT CPython already benefits from Coverity scans (I guess the Python-security guys receive those notifications). Note that this only covers the C codebase. cf
On 4/3/13, Charles-François Natali <cf.natali@gmail.com> wrote:
Are you planning to cover the code quality of the interpreter itself too? I've been recently reading through the cert.org secure coding practice recommendations and was wondering if there has is any ongoing effort to perform static analysis on the cpython codebase.
AFAICT CPython already benefits from Coverity scans (I guess the Python-security guys receive those notifications). Note that this only covers the C codebase.
... but the question seems to be « is there anything similar that could be used for Python code ? » -- Regards, Olemis. Apache™ Bloodhound contributor http://issues.apache.org/bloodhound Blog ES: http://simelo-es.blogspot.com/ Blog EN: http://simelo-en.blogspot.com/ Featured article:
Le Thu, 4 Apr 2013 06:57:14 +0200, Charles-François Natali <cf.natali@gmail.com> a écrit :
Are you planning to cover the code quality of the interpreter itself too? I've been recently reading through the cert.org secure coding practice recommendations and was wondering if there has is any ongoing effort to perform static analysis on the cpython codebase.
AFAICT CPython already benefits from Coverity scans (I guess the Python-security guys receive those notifications). Note that this only covers the C codebase.
Correction: the security@ address doesn't receive any coverity notifications. Perhaps someone checks the (private) coverity builds from time to time, but I don't think there's anything automatic. Regards Antoine.
On Thu, Apr 4, 2013 at 10:42 AM, Antoine Pitrou <solipsis@pitrou.net> wrote:
Le Thu, 4 Apr 2013 06:57:14 +0200, Charles-François Natali <cf.natali@gmail.com> a écrit :
Are you planning to cover the code quality of the interpreter itself too? I've been recently reading through the cert.org secure coding practice recommendations and was wondering if there has is any ongoing effort to perform static analysis on the cpython codebase.
AFAICT CPython already benefits from Coverity scans (I guess the Python-security guys receive those notifications). Note that this only covers the C codebase.
Correction: the security@ address doesn't receive any coverity notifications. Perhaps someone checks the (private) coverity builds from time to time, but I don't think there's anything automatic.
Christian Heimes has a daily build set up and checks the results periodically.
On Wed, Apr 3, 2013 at 9:21 PM, Alfredo Solano Martínez <asolano@icai.es> wrote:
Hi,
Are you planning to cover the code quality of the interpreter itself too? I've been recently reading through the cert.org secure coding practice recommendations and was wondering if there has is any ongoing effort to perform static analysis on the cpython codebase.
Hey Alfredo, We do not currently have any tools to do that, but it would definitely be something interesting to discuss and maybe design on the list. I'm sure there are static analysis tools for the C part and I'm sure we as a community could come up with a "super tool" to check both the C and Python parts of CPython. -- Ian
On Thu, Apr 4, 2013 at 2:45 PM, Ian Cordasco <graffatcolmingov@gmail.com> wrote:
Hey Alfredo,
We do not currently have any tools to do that, but it would definitely be something interesting to discuss and maybe design on the list. I'm sure there are static analysis tools for the C part and I'm sure we as a community could come up with a "super tool" to check both the C and Python parts of CPython.
As cf said it seems they're using Coverity for the C part, but the idea of checking the cpython interpreter with python itself is intriguing. Suscribed. Alfredo
Ian Cordasco <graffatcolmingov@gmail.com> writes:
Are you concerned about the evolution of various code checkers? Do you have questions or suggestions?
Subscribe here: http://mail.python.org/mailman/listinfo/code-quality
Now available via Gmane also <URL:http://dir.gmane.org/gmane.comp.python.code-quality>. Thanks guys! -- \ “I have never imputed to Nature a purpose or a goal, or | `\ anything that could be understood as anthropomorphic.” —Albert | _o__) Einstein, unsent letter, 1955 | Ben Finney
participants (7)
-
Alfredo Solano Martínez -
Antoine Pitrou -
Ben Finney -
Brett Cannon -
Charles-François Natali -
Ian Cordasco -
Olemis Lang