
Bug#891422: tracker.debian.org: link to cppcheck results for packages



On Mon, 2018-02-26 at 22:00 +0100, Daniel Marjamäki wrote:

> I analyze the debian source packages I find here:
> 
> ftp://ftp.se.debian.org/debian/pool/main/

Which suite are you analysing?

To start with I think unstable/sid would be the best option,
since that is the suite that most development happens in.

> If you have an alternative location that you would prefer let me know.

http://deb.debian.org/ would be a better location, since it is based on
a set of CDN networks and is more likely to be up to date and fast.

> Maybe there is some better location with "bleeding edge" source code
> for instance.

New versions of packages are briefly available here before they reach
the main archive and pass through the mirror network; additionally
analysing that would allow you to have cppcheck results earlier.

https://incoming.debian.org/

> Imagine I analyze these packages:
> ftp://ftp.se.debian.org/debian/pool/main/a/a2jmidid/a2jmidid_8~dfsg0.orig.tar.bz2
> ftp://ftp.se.debian.org/debian/pool/main/a/a2ps/a2ps_4.14.orig.tar.gz

These are the upstream tarballs, without any Debian patches applied, so
you might get false positives if the Debian patches fix cppcheck issues.

I don't know what constraints you have, but to unpack Debian source
packages and apply patches, dpkg-source from dpkg-dev should be used.

> How about some format like this:
> 
> [
>   { "package" : "a2jmidid", "results" :
> "http://www.cppcheck.net/devinfo/daca2/a2jmidid.txt" },
>   { "package" : "a2ps", "results" :
> "http://www.cppcheck.net/devinfo/daca2/a2ps.txt" }
> ]

That looks good to me.

> I am not against that additional output formats are added.
> 
> However I would like to understand the reason for doing it. I have the
> impression that firehose has some builtin cppcheck-import function.

The firehose Python module has support for transforming the cppcheck
XML format into the Firehose format. It would be more efficient for
consumers of the Firehose format to be able to directly consume the
output of cppcheck rather than having to pass through a converter.
Basically, the firehose Python module is a workaround for the fact
that each static analysis tool invents different output formats.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
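
For a consumer of the index format proposed in the message above, an added example (not code from this thread, from cppcheck or from tracker.debian.org) that validates each entry of the externally supplied index before linking to it. The `load_index` name, the host allowlist and the three malformed sample entries are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Debian Policy package names: lowercase letters, digits, "+", "-", ".";
# at least two characters; first character alphanumeric.
PACKAGE_RE = re.compile(r"[a-z0-9][a-z0-9+.-]+")
ALLOWED_SCHEMES = {"http", "https"}


def load_index(text, allowed_hosts):
    """Return ({package: url}, [rejection reasons]) for a results index."""
    entries = json.loads(text)
    if not isinstance(entries, list):
        raise ValueError("index must be a JSON array")
    accepted, rejected = {}, []
    for pos, entry in enumerate(entries):
        if not isinstance(entry, dict):
            rejected.append(f"entry {pos}: not an object")
            continue
        pkg, url = entry.get("package"), entry.get("results")
        if not isinstance(pkg, str) or not PACKAGE_RE.fullmatch(pkg):
            rejected.append(f"entry {pos}: invalid package name")
            continue
        if pkg in accepted:
            # First entry wins; a later duplicate cannot replace the link.
            rejected.append(f"entry {pos}: duplicate package {pkg}")
            continue
        parts = urlsplit(url) if isinstance(url, str) else None
        if (parts is None or parts.scheme not in ALLOWED_SCHEMES
                or parts.hostname not in allowed_hosts):
            rejected.append(f"entry {pos}: results URL not allowed for {pkg}")
            continue
        accepted[pkg] = url
    return accepted, rejected


# Constructed sample: the two entries from the message plus three bad ones.
SAMPLE = """[
  {"package": "a2jmidid", "results": "http://www.cppcheck.net/devinfo/daca2/a2jmidid.txt"},
  {"package": "a2ps", "results": "http://www.cppcheck.net/devinfo/daca2/a2ps.txt"},
  {"package": "a2ps", "results": "http://www.cppcheck.net/devinfo/daca2/other.txt"},
  {"package": "Bad Name", "results": "http://www.cppcheck.net/devinfo/daca2/x.txt"},
  {"package": "zlib", "results": "https://results.example/zlib.txt"}
]"""

if __name__ == "__main__":
    ok, bad = load_index(SAMPLE, {"www.cppcheck.net"})
    print(ok)
    print("\n".join(bad))
```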
