Re: Re: Time to drop codeql from the CI setup?
From: 陈星杵 via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 22 Dec 2024 18:07:32 +0800 (GMT+08:00)
So do you want to not use CodeQL in the Git? I think the bugs that CodeQL can find rely too much on expert knowledge, so this may be the reason why it is not effective.
> -----Original Message-----
> From: "Dan Fandrich via curl-library" <curl-library_at_lists.haxx.se>
> Sent: 2024-12-22 03:33:43 (Sunday)
> To: curl-library_at_lists.haxx.se
> Cc: "Dan Fandrich" <dan_at_coneharvesters.com>
> Subject: Re: Time to drop codeql from the CI setup?
>
> On Sat, Dec 21, 2024 at 03:04:39PM +0100, Daniel Stenberg via curl-library wrote:
> > We started using codeql for static code analysis in 7183f5acc3d7ca39,
> > June 2020.
> >
> > Since then, not a single commit has been merged into the source code repository citing codeql as
> > source or reason. Yet, it keeps getting updated and we get constant reminders to upgrade the
> > pinning it to the latest hash.
>
> There have been 158 issues raised by CodeQL in that time. Every single one of
> them was closed as "false positive" or "won't fix". So, I think you're onto
> something.
>
> Dan
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette: https://curl.se/mail/etiquette.html
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2024-12-22