[Openstack-security] Security Anti-Patterns

Thierry Carrez thierry at openstack.org
Fri May 30 08:44:43 UTC 2014


Clark, Robert Graham wrote:
> I think there’s a lot to be gained by having tests that just flag lines as
> being interesting but give only a 0 score, an advisory note that something
> fishy was noticed and core-devs should take that into consideration as
> part of their review.
> 
> Such tests are very much on the OSSG roadmap and we hope to get some
> written up at the mid-cycle meet up if not before.

Yes, line flagging would be a useful first step for awareness. "This
looks like you're creating a temporary file with a predictable name.
Read here for more information on that problem!" or "You required this
shell command to be run as root. Are you sure root is really necessary?
Are you sure this is not covered by another already-allowed command?"

-- 
Thierry Carrez (ttx)
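As an added illustration of the advisory, zero-score flagging described in this thread (example code, not code from the thread, from OSSG or from any OpenStack project): a small checker that walks a Python AST to note predictable temporary file names, and reads a rootwrap filter file to note commands run as root or already allowed by another filter. The two sample inputs are constructed here for the demonstration, and the rootwrap entry layout assumed is `name: FilterClass, executable, user, ...`.

```python
"""Advisory line flagger for two of the anti-patterns discussed above.

Added example, not code from the thread or from OpenStack. It never fails
a build: every hit is a zero-score note for core reviewers to weigh.
"""
import ast
import configparser


class _TempFileVisitor(ast.NodeVisitor):
    """Collect (lineno, note) pairs for predictable temporary file names."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        func = node.func
        # Resolve the called name for both `mktemp(...)` and `tempfile.mktemp(...)`.
        if isinstance(func, ast.Attribute):
            name = func.attr
        elif isinstance(func, ast.Name):
            name = func.id
        else:
            name = None

        if name == "mktemp":
            self.findings.append((node.lineno,
                "predictable temporary file name: mktemp() returns a name another "
                "process can create first; prefer mkstemp() or TemporaryFile()"))
        elif name == "open" and node.args:
            first = node.args[0]
            # A string literal under a world-writable directory is a fixed name.
            if (isinstance(first, ast.Constant) and isinstance(first.value, str)
                    and first.value.startswith(("/tmp/", "/var/tmp/"))):
                self.findings.append((node.lineno,
                    "hardcoded path in a world-writable directory: %r" % first.value))
        self.generic_visit(node)


def flag_tempfiles(source):
    """Return sorted (lineno, note) advisories for a Python source string."""
    visitor = _TempFileVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


def flag_rootwrap_filters(text):
    """Return (filter_name, note) advisories for a rootwrap filter file.

    Assumed entry layout: 'name: FilterClass, executable, user, ...'.
    """
    parser = configparser.ConfigParser()
    parser.optionxform = str          # keep filter names case-sensitive
    parser.read_string(text)
    findings = []
    seen = {}                         # executable -> first filter that allows it
    for name, spec in parser["Filters"].items():
        parts = [p.strip() for p in spec.split(",")]
        if len(parts) < 3:
            continue
        executable, run_as = parts[1], parts[2]
        if run_as == "root":
            findings.append((name, "runs %s as root; is root really necessary?"
                             % executable))
        if executable in seen:
            findings.append((name, "%s is already allowed by filter %r"
                             % (executable, seen[executable])))
        else:
            seen[executable] = name
    return findings


# Constructed inputs for the demonstration, not taken from any real project.
SAMPLE_SOURCE = '''\
import tempfile
import os

def save(data):
    path = tempfile.mktemp(suffix=".img")
    with open(path, "w") as f:
        f.write(data)

def log(msg):
    with open("/tmp/service.log", "a") as f:
        f.write(msg)

def ok(data):
    fd, path = tempfile.mkstemp()
    os.write(fd, data)
'''

SAMPLE_FILTERS = """\
[Filters]
kpartx: CommandFilter, kpartx, root
ls: CommandFilter, /bin/ls, nobody
kpartx_dup: CommandFilter, kpartx, root
"""

if __name__ == "__main__":
    for lineno, note in flag_tempfiles(SAMPLE_SOURCE):
        print("code line %d: %s" % (lineno, note))
    for name, note in flag_rootwrap_filters(SAMPLE_FILTERS):
        print("filter %s: %s" % (name, note))
```

Run on the constructed sample, the source checker notes the `mktemp()` call and the fixed `/tmp/service.log` path but stays quiet on the `mkstemp()` variant, and the filter checker notes both root entries plus the second filter that re-allows an executable the first one already covers. Neither check changes an exit status; the notes are meant to accompany a review, not to block it.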