[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tar + cpio - covscan issues
From: |
Kamil Dudka |
Subject: |
Re: tar + cpio - covscan issues |
Date: |
Sat, 17 Apr 2021 16:21:48 +0200 |
On Saturday, April 17, 2021 12:01:56 AM CEST Bruno Haible wrote:
> Kamil Dudka wrote:
> > > Downstream consumers can exclude the gnulib-copied directories using the
> > > 'csgrep' program, AFAIU?
> >
> > Not so easily. csgrep can filter the results by path in the source tree.
> > The problem with gnulib is that different projects embed it in different
> > directories. For example, coreutils has it in /lib whereas findutils has
> > it in /gl/lib while /lib contains other source files that we do not want
> > to exclude. So we would have to maintain such exclusion lists per
> > project.
> >
> > People maintaining their own medium-size projects can easily play with
> > this. I am in a different situation when I need to scan 3700 distinct
> > projects and approx. 480 million lines of code with more or less the same
> > manpower ;-)
> These project-specific settings regarding gnulib are stored in a file named
> 'gnulib-cache.m4' by gnulib-tool.m4. Currently, few packages are storing
> this file under version control or packaging it in tarballs. But we could
> change this by documenting that it should be included in the tarballs, or
> by modifying gnulib-tool slightly.
>
> Are you working with git repository checkouts or with tarballs?
>
> Bruno
The packages that I am scanning now are based on distribution tarballs but
there is currently some effort to provide git-based workflow optionally for
Fedora/RHEL packages where maintainers prefer it:
https://packit.dev/docs/source-git/
I am not sure how much they take gnulib into account while developing this.
Kamil
- Re: tar + cpio - covscan issues, (continued)
- Re: tar + cpio - covscan issues, Bruno Haible, 2021/04/10
- Re: tar + cpio - covscan issues, Kamil Dudka, 2021/04/10
- Re: tar + cpio - covscan issues, Bruno Haible, 2021/04/10
- Re: tar + cpio - covscan issues, Paul Eggert, 2021/04/11
- Re: tar + cpio - covscan issues, Kamil Dudka, 2021/04/15
- Re: tar + cpio - covscan issues, Paul Eggert, 2021/04/15
- Re: tar + cpio - covscan issues, Kamil Dudka, 2021/04/16
- Re: tar + cpio - covscan issues, Paul Eggert, 2021/04/16
- Re: tar + cpio - covscan issues, Bruno Haible, 2021/04/16
- Re: tar + cpio - covscan issues, Bruno Haible, 2021/04/16
- Re: tar + cpio - covscan issues,
Kamil Dudka <=
Re: tar + cpio - covscan issues, Ondrej Dubaj, 2021/04/12