Open Stack

On 11/02/2015 07:32 PM, Davanum Srinivas wrote:
>
> If we can add this command directly in our tox.ini and entirely avoid
> having the bandit.yaml would that be even better?

Why not, but it'd have some drawbacks as well:

- should the conf generator be broken for some reason, the gate may end 
up being blocked for a while, because fixing it would be harder than 
fixing a bandit.yaml file;
- newcomers will feel overwhelmed knowing that a tool writes a config 
file for another tool that generates a report, so I'd rather keep it 
stupid simple.

WDYT?

Cyril.