[Python-Dev] Code quality report

Guido van Rossum guido at python.org
Sat Sep 24 12:26:43 EDT 2016


Thanks for watching our back, Christian! Regarding the security bugs,
what would be most helpful? Code reviews? Patches? Testing? Just
commits? Hopefully there are some people here who want to help make
Python 3.6 more secure (I hear this list has thousands of lurkers :-).

On Sat, Sep 24, 2016 at 6:05 AM, Christian Heimes <christian at python.org> wrote:
> Hi,
>
> here is a short code quality report. Overall we are in good shape for
> Python 3.6.0. I'm a bit worried about the amount of security bugs,
> though. Some haven't progressed in more than a year.
>
>
> Coverity Scan
> -------------
>
> 3.6.0b1 added a bunch of new defects, most of them were false positives.
> Python is down again to zero open defects (default branch on Linux X86_64).
>
> total defects:          1,115
> outstanding defects:    0
> dismissed:              169
> fixed:                  946
> https://scan.coverity.com/projects/python
>
>
> C code coverage
> ---------------
>
> I have updated my LCOV report (GCC on Linux X86_64). Our test coverage
> is quite good.
>
> line coverage:          81.9 %
> function coverage:      92.5 %
> https://tiran.bitbucket.io/python-lcov/
>
>
> security bugs
> -------------
>
> I'm seeing 46 open security bugs on our bug tracker,
> http://bit.ly/2cYWZy0 .
>
>
> configure / compile warnings
> ----------------------------
>
> Python configures and compiles without warnings with GCC on Linux
> X86_64. Clang emits four warnings for unreachable code. All warnings are
> harmless.
>
> On i686 I'm still getting four warnings in the KeccakCodePackage (sha3),
> https://bugs.python.org/issue28117.
>
> Regards,
> Christian
>



-- 
--Guido van Rossum (python.org/~guido)

