[FB-Discuss] Project status

TvT tvtreeck at nepatec.de
Wed Nov 2 03:14:20 EDT 2016


Hey folks,

am I the only one who thinks that we are going off topic? The question from
Juan was *not about what you use* (as an alternative) but about the *future
of findbugs*.
Still to shortly break it down what has been said:
1.) Sonar did surpass Findbugs
Answer: Sonar uses Findbugs under the hood - as Konstantsin indicated its
just a pretty UI and a server interface...
2.) Sonar developed Squid
Answer: Mhm the link you posted showed 3 rules supported by squid. How many
are there today?
3.) Intellij could be an alternative?
Answer: What about the folks using a different IDE? And to run my IDE on a
server in batch mode - raises so many questions I won't even begin with.
Don't get me wrong, I'd like to use IJ for android development however its
a totally different thing we are talking about here...

So what about the future of Findbugs?

1. I think Findbugs is a high value tool which deserves much more than the
current dormant situation.
2. Is Bill the only one who can commit to github? I would contact Bill a
last time and inform him about the plan (and give him some time to react).
3. The central question for me is, would it be possible to convince most of
the developers to support the new fork.
4. It is important to focus on ONE fork since this all only works as s
combined community effort.
5. Then lets create a fork and from time to time we make pull requests so
that the original project always as the chance to restart...

Regards,
TvT

2016-11-02 4:03 GMT+01:00 Tagir Valeev <amaembo at gmail.com>:

> Hello!
>
> I personally switched to developing static analysis in IntelliJ IDEA.
> IntelliJ IDEA community edition [1] is free and open-source and has really
> good static analyzer. It also could be launched in headless batch mode on
> CI server, etc. (outputting results as XML). I don't know how it integrates
> with various CI systems (it definitely has good integration with TeamCity
> though), but writing CI plugins to support IDEA should not be very hard. It
> manipulates source code rather than bytecode, thus the results are more
> precise. Also it has really good code model which makes developing new
> inspections much easier, compared to FindBugs. Of course it has pluggable
> architecture, so custom plugins could be developed as well (there's free
> DevKit IDEA plugin which helps to develop custom plugins). It has most of
> FindBugs diagnostics (many with quick-fixes available). It supports pretty
> well Java-8 and Java-9 and actively developed, so for me it's much more
> productive to enhance IDEA than trying to support FindBugs.
>
> With best regards,
> Tagir Valeev.
>
> [1] https://github.com/JetBrains/intellij-community
>
> On Wed, Nov 2, 2016 at 7:17 AM, Kelly O'Hair <kellyohair at gmail.com> wrote:
>
>> There is something to said for a project that doesn’t change, makes it
>> predictable at least. ;)
>>
>> I have hundreds of projects that use findbugs as part of a GIT merge to
>> master branch check, all built into the Gradle builds.
>> My experience with Sonar was that it wasn’t something we could run as
>> part of the build or verification before we allowed a merge into the master
>> branch.
>> We just apply the findbugs gradle plugin and setup our default rules,
>> nothing to it, we block anyone adding new findbugs issues.
>>
>> So fork it or not, but I would not question it’s value as a command line
>> tool. We use Sonar too, but it is more for an 'after the fact' report,
>> mostly something for managers to look at, pretty graphs and all (shiny
>> objects :). We have discovered that if developers are not blocked at the
>> time the issue is created, they will ignore you and all the after reports
>> and warnings.
>>
>> -kto
>>
>> > On Nov 1, 2016, at 4:24 PM, Oliver B. Fischer <o.b.fischer at swe-blog.net>
>> wrote:
>> >
>> > Hi Nicolai,
>> >
>> > I am "only" a user of findbugs and I use it in several projects. We
>> don't have Sonar Qube. We simply need something checking our stuff during a
>> build.
>> >
>> > Oliver
>> >
>> > Am 01.11.16 um 22:19 schrieb Nicolai Parlog:
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA256
>> >>
>> >>  Hi!
>> >>
>> >> I'm just a bystander and am going to play devil's advocate here, so
>> >> please feel free to ignore what I say. :)
>> >>
>> >> But... is FindBugs still relevant? Personally I feel like Sonar has
>> >> surpassed it in many aspects including UX and agility. Maybe FindBugs
>> >> has done its deed and it is simply time to step down now.
>> >>
>> >> A different perspective: Considering the effort of forking the
>> >> project, setting up new infrastructure, and advertising its mere
>> >> existence - how much time is going to go into code? Are you sure you
>> >> can keep up with this?
>> >>
>> >>      https://github.com/SonarSource/sonarqube/commits/master
>> >>
>> >> Now, this is not based on many facts - I'd love to see see some, e.g.
>> >> regarding market share or rule overlap.
>> >>
>> >> I hope I wasn't too crass and hurt no feelings.
>> >>
>> >>  so long ... Nicolai
>> >>
>> >>
>> >>
>> >> On 01.11.2016 21:53, Juan Martín Sotuyo Dodero wrote:
>> >>> Hi everyone,
>> >>>
>> >>> Over the last week I've been talking with several members of the
>> >>> FindBugs community and so far we all share the same worries.
>> >>> FindBugs is stagnant due to the prolonged absence of Bill Pugh.
>> >>>
>> >>> It's hard to imagine a future for FindBugs where no one can update
>> >>> the SourceForge pages, make a release on SourceForge, enable a CI
>> >>> server such as Travis, add members to the GitHub organization or
>> >>> even publish to Maven Central.
>> >>>
>> >>> Currently only Andrey Loskutov sees to be active. I've seen him
>> >>> trying to get Bill to perform many of these tasks over the past,
>> >>> and retrying recently, but time keeps passing. It's been 9 months
>> >>> since he requested to update the site
>> >>> <https://github.com/findbugsproject/findbugs/issues/80> and 13
>> >>> since people requested to enable Travis
>> >>> <https://github.com/findbugsproject/findbugs/pull/48>.
>> >>>
>> >>> I would like to know if anyone has any knowledge of Bill's current
>> >>> status. His github page <https://github.com/billpugh> shows he has
>> >>> been working sporadically over the last year, but always on other
>> >>> projects.
>> >>>
>> >>> I strongly believe the team needs to get reorganized, but I fear
>> >>> without Bill to grant accesses, this is next to impossible. Myself
>> >>> and those I've contacted dread this horrible idea, but fear that
>> >>> the only way forward as things stand is forking FindBugs. This is
>> >>> clearly a last resource, and under no circumstance our first
>> >>> choice; but as months keep passing, it seems ever more appealing.
>> >>>
>> >>> Is there any way the current situation can be reverted? Can we
>> >>> help in any way?
>> >>>
>> >>> Shall there not be, we are most likely to start a new organization
>> >>> and adopt a different name (FindBugs is trademarked), but would
>> >>> probably commit to keeping binary compatibility (public APIs) to
>> >>> minimize transition cost for anyone moving with us. Everyone
>> >>> willing to contribute would be more than welcomed.
>> >>>
>> >>> Once again, we would rather not have to take this course. I hope
>> >>> it can be avoided for the sake of FindBugs.
>> >>>
>> >>> Thanks for your time
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________ Findbugs-discuss
>> >>> mailing list Findbugs-discuss at cs.umd.edu
>> >>> https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
>> >>>
>> >> - --
>> >> PGP Key:
>> >>     http://keys.gnupg.net/pks/lookup?op=vindex&search=0xCA3BAD2
>> E9CCCD509
>> >>
>> >> Web:
>> >>     http://codefx.org
>> >>         a blog about software development
>> >>     https://www.sitepoint.com/java
>> >>         high-quality Java/JVM content
>> >>     http://do-foss.de
>> >>         Free and Open Source Software for the City of Dortmund
>> >>
>> >> Twitter:
>> >>     https://twitter.com/nipafx
>> >> -----BEGIN PGP SIGNATURE-----
>> >>
>> >> iQIcBAEBCAAGBQJYGQb8AAoJEMo7rS6czNUJ1iIP/12/jR4LonnwCh80ZcJRtG5b
>> >> HxQgShbCUaaL78Q5UYpuzVg3XErvGN+u97tmBKJEJ66xSgYfc//0Iv6pdKBEPo1l
>> >> lslnSXqlu+E6IdGl7yAOcNRnejDG11FFQ3WNZTYBc4gS5d67PrkWDaww6l6Yfiqm
>> >> zShf70IAwS4+uIN9EwqUqEBN9PV59XuIvwnwwqZ7CUUWdpIbHkUBrdmJWc64j1Hk
>> >> 6jsurp8prU0zxhrUDTNM7vdYA2h2OIMboGb/L0hT4RuhQTys0GEPDJJt88C8C3fQ
>> >> 2PSO2Bt/MxC7GJ9dEcTrsZ9JeZ72+jaaMrdea8XAKnR3uPTWN6GTvDcryjzmJhja
>> >> J5rZ1r/RJ7HrVvjskP0yiIlr5xiAwpEpVo4nwBsa6xfCE+nBtyfOx/UMlMemWosE
>> >> jA6c5qpGiCYjlZ2hs0KNmO+a904yEU2wZrMCi+f1H79W5wSKbMYNveZ7MyA1Z2ie
>> >> nLdGFWAzQ3dKWwsjLFGqHBLQr6iQs6R3qfXKZPuDnlEnlHjejBXLwRUV+Hay/7KL
>> >> d5Q6HHBR55rfAg4UV98DbxqWDL/Pfk230MLVXQOeq91S+xF4OpVefuDqk5Jq4KZn
>> >> oqqXhMOoqicH9ejAAYj5v+vQZ1Ah5vpOYNJHbx3m5SN5EG1bH6ysWeJ4+TbINDEp
>> >> IXV0ly61dnCxhxS5/5VD
>> >> =ALxV
>> >> -----END PGP SIGNATURE-----
>> >> _______________________________________________
>> >> Findbugs-discuss mailing list
>> >> Findbugs-discuss at cs.umd.edu
>> >> https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
>> >
>> > --
>> > N Oliver B. Fischer
>> > A Schönhauser Allee 64, 10437 Berlin, Deutschland/Germany
>> > P +49 30 44793251
>> > M +49 178 7903538
>> > E o.b.fischer at swe-blog.net
>> > S oliver.b.fischer
>> > J oliver.b.fischer at jabber.org
>> > X http://xing.to/obf
>> >
>> > _______________________________________________
>> > Findbugs-discuss mailing list
>> > Findbugs-discuss at cs.umd.edu
>> > https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
>>
>> _______________________________________________
>> Findbugs-discuss mailing list
>> Findbugs-discuss at cs.umd.edu
>> https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
>>
>
>
> _______________________________________________
> Findbugs-discuss mailing list
> Findbugs-discuss at cs.umd.edu
> https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.cs.umd.edu/pipermail/findbugs-discuss/attachments/20161102/5ece28d4/attachment-0001.html>


More information about the Findbugs-discuss mailing list