Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC: Which feature in SpotBugs core you're actively using? #65

Closed
KengoTODA opened this issue Jan 28, 2019 · 15 comments
Closed

RFC: Which feature in SpotBugs core you're actively using? #65

KengoTODA opened this issue Jan 28, 2019 · 15 comments

Comments

@KengoTODA
Copy link
Member

@KengoTODA KengoTODA commented Jan 28, 2019

We're going to switch from developing 3.1 to 4.0 from the next month. And in this major version up, I want to consider to drop several features that isn't so used in community, to make our project easy to hack and maintain.

I will list features that is not so major in my personal understanding. Please vote for active feature in your usage. I will keep actively voted features even in 4.0.

Target Features

  • scripts that is not used so widely.
  • Bug rank that is optional and not so used widely in my understanding (each project has their priority, so it's better to handle 'rank' outside of SpotBugs like SonarQube)
  • Priority/Confidence, by the same reason with bug rank
  • 'speed' attribute in findbugs.xml
  • SQL
  • JNLP for outdated Java Web Start

Vote






@polls polls bot added the Polls label Jan 28, 2019
@iloveeclipse

This comment has been minimized.

Copy link
Member

@iloveeclipse iloveeclipse commented Jan 28, 2019

Any clue how to vote?

@KengoTODA

This comment has been minimized.

Copy link
Member Author

@KengoTODA KengoTODA commented Jan 28, 2019

To vote, click bar in the post. Here is example: https://github.com/apex/gh-polls

@KengoTODA KengoTODA pinned this issue Jan 28, 2019
@iloveeclipse

This comment has been minimized.

Copy link
Member

@iloveeclipse iloveeclipse commented Jan 28, 2019

And again, if you remove Bug Rank, Proirity and Confidence, you will not be able to use SpotBugs without SonarQube, so you will break Eclipse plugin and tools using xml output (so command line which generates html reports).

@KengoTODA

This comment has been minimized.

Copy link
Member Author

@KengoTODA KengoTODA commented Jan 28, 2019

Yes so we need to update Eclipse plugin side too. Let's do so if and only if these features are not used by users. :)

@iloveeclipse

This comment has been minimized.

Copy link
Member

@iloveeclipse iloveeclipse commented Jan 28, 2019

Sorry, I didn't get it. You propose to remove rank, confidence and priority - so how users are supposed to differentiate various bugs then? Another one metric?

@iloveeclipse

This comment has been minimized.

Copy link
Member

@iloveeclipse iloveeclipse commented Jan 28, 2019

Is there any reason why script and bug rank bars show 50% but confidence 100%, but all three have ea h one vote? Schouldn't the bars show same value?

@KengoTODA

This comment has been minimized.

Copy link
Member Author

@KengoTODA KengoTODA commented Jan 28, 2019

wmm, maybe it's problem caused by my process to make these polls. Only 'confidence and priority' is handled as individual polls so it's always 100%.

There are already multiple vote, so plz kindly let me keep current situation. I'll remember that bar chart of this item isn't intuitive.

@mkienenb

This comment has been minimized.

Copy link

@mkienenb mkienenb commented Jan 28, 2019

Something to keep in mind.

If you are starting with a clean slate, you might not find rank important, but if you are applying spotbugs to an existing project for the first time, the output will be overwhelming. Rank gives people guidance which items need to be handled first.

Once everything is fixed, or if you are starting a new project, rank isn't as important.

@h3xstream

This comment has been minimized.

Copy link
Member

@h3xstream h3xstream commented Jan 31, 2019

I clicked on "priority and confidence". It was not clear if it was for the removal or for keeping the feature.

@KengoTODA

This comment has been minimized.

Copy link
Member Author

@KengoTODA KengoTODA commented Feb 1, 2019

@h3xstream keeping. please vote on feature that you are using. Sorry for this confusion :<

@KengoTODA

This comment has been minimized.

Copy link
Member Author

@KengoTODA KengoTODA commented Feb 1, 2019

@mkienenb yes I know, but most legacy projects don't need latest feature of SpotBugs, they just need 'bug fixed FindBugs' then 3.1.x should be enough. :)

@mkienenb

This comment has been minimized.

Copy link

@mkienenb mkienenb commented Feb 1, 2019

@KengoTODA I think you misunderstood the point I was trying to make.

There will always be new end-users of spotbugs with existing unchecked projects. When they go and download the latest version of Spotbugs and run it for the first time, having the bug rank levels is going to be important. 'Bug-fixed findbugs' and 3.1.x may no longer be usable or available at that point, and even assuming that the version of java they are using permits it, should we be pointing first-time new end-users of spotbugs to another obsolete product or old versions?

Rank is always going to be useful for the "I just learned about static code analysis tools and want to start using them" category of end-users. They are not going to go download old versions of spotbugs nor will they download an abandoned project to try it out.

@ksnortum

This comment has been minimized.

Copy link

@ksnortum ksnortum commented Feb 1, 2019

@aaime

This comment has been minimized.

Copy link

@aaime aaime commented Feb 17, 2019

I just added SpotBugs in the mix in a very old project, and single handedly started fixing issues. I started by fixing only rank 1, and bit by bit went up to rank 10 (mind, using build checks and having the build fail, without a build failure nobody else would have cared). Without a way organize reports by some sort of priority, I would not have been able to start (and indeed, I tried spotbugs first, was reporting too many things and could not figure out how to configure it, so I've integrated errorprone and pmd first, and only later added spotbugs to the mix too).

@KengoTODA KengoTODA unpinned this issue Mar 4, 2019
@KengoTODA

This comment has been minimized.

Copy link
Member Author

@KengoTODA KengoTODA commented Mar 4, 2019

Hello all,

Thanks for your feedback! Now I'm sure that some features are actively used. I'm little bit surprised that sql and jnlp also have users, but at least its usage isn't so high comparing than others:

which feature in spotbugs core you re actively using_

I'm going to propose deprecating sql, jnlp and speed attribute. I won't touch others that has much users. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.