D19996: WIP Add a global test for insecure http: URLs used in code or documentation

Volker Krause noreply at phabricator.kde.org
Mon Jun 17 19:07:05 BST 2019


vkrause added a comment.


  In D19996#480571 <https://phabricator.kde.org/D19996#480571>, @kossebau wrote:
  
  > Any chance this could not be done by abusing KDECMakeSettings.cmake as injection vector?
  
  
  I completely agree that this is a rather hacky approach. IMHO the challenge here is finding an approach that gives us very wide coverage. That's why I'm not too happy with e.g. an opt-in approach where we have to enable this per repo, even if that would be a lot cleaner from the ECM POV.
  
  It however does not need to be ECM based at all, an alternative approach might be an EBN-like service or dedicated CI job scanning all our repos for this. That would have an even wider coverage (e.g. websites and translations), but it would somewhat decouple results from development. Failing unit tests both locally and on the CI are just jumping at you much more than yet another static analysis result site.

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: kossebau, winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, LeGast00n, bencreasy, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-buildsystem/attachments/20190617/facbb4b5/attachment.html>


More information about the Kde-buildsystem mailing list