Re: Re: Time to drop codeql from the CI setup?
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 22 Dec 2024 14:05:31 +0100 (CET)
On Sun, 22 Dec 2024, 陈星杵 via curl-library wrote:
> So do you want to not use CodeQL in the Git? I think the bugs that CodeQL
> can find rely too much on expert knowledge, so this may be the reason why it
> is not effective.
Not at all. We have plenty of experts around the project, that's not the
problem.
The problem is that CodeQL only finds silly things that we already know and
need, like warning for opening files. I suspect partly because we already
have found and fixed the easy problems that CodeQL could perhaps otherwise
detect in a younger C program having had less time to mature.
-- / daniel.haxx.se || https://rock-solid.curl.dev
Received on 2024-12-22