[Python-Dev] Code quality report (original) (raw)

Guido van Rossum guido at python.org
Sat Sep 24 12:26:43 EDT 2016

Thanks for watching our back, Christian! Regarding the security bugs, what would be most helpful? Code reviews? Patches? Testing? Just commits? Hopefully there are some people here who want to help making Python 3.6 more secure (I hear this list has thousands of lurkers :-).

On Sat, Sep 24, 2016 at 6:05 AM, Christian Heimes <christian at python.org> wrote:

Hi,

here is a short code quality report. Overall we are in a good shape for Python 3.6.0. I'm a bit worried about the amount of security bugs, though. Some haven't progressed in more than a year.

Coverity Scan ------------- 3.6.0b1 added a bunch of new defects, most of them were false positives. Python is down again to zero open defects (default branch on Linux X8664). total defects: 1,115 outstanding defects: 0 dismissed: 169 fixed: 946 https://scan.coverity.com/projects/python C code coverage --------------- I have updated my LCOV report (GCC on Linux X8664). Our test coverage is quite good. line coverage: 81.9 % function coverage: 92.5 % https://tiran.bitbucket.io/python-lcov/ security bugs ------------- I'm seeing 46 open security bugs on our bug tracker, http://bit.ly/2cYWZy0 . configure / compile warnings ---------------------------- Python configures and compiles without warnings with GCC on Linux X8664. Clang emits four warnings for unreachable code. All warnings are harmless. On i686 I'm still getting four warnings in the KeccakCodePackage (sha3), https://bugs.python.org/issue28117. Regards, Christian

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/guido%40python.org

-- --Guido van Rossum (python.org/~guido)

More information about the Python-Dev mailing list