Comments (5)
Since there's already a makefile, the Autotools (specifically automake) would be the simplest to transition to. I even created a video tutorial on the autotools, so I'm quite familiar with it.
HOWEVER: What is the goal? I want to use simple tools if there's no big advantage to more sophisticated tools. The makefile is pretty simple. Is there a specific example of what you think should be done?
@squinky86 - your thoughts would be welcome.
from flawfinder.
- Does a tool like “autoscan” show any software dependencies that you find worth further consideration?
- What do you think about supporting more development environments by reusing build system generators?
from flawfinder.
Flawfinder is the first Python project I've worked with that has a makefile. Most Python projects, in my experience, just worry about setup.py and let users/developers handle any special cases beyond that. I could see a build system being useful to check for tools like ps2pdf, but I see it as more of a reference with helpful shortcuts than a "this is the only way to build the project" makefile.
Setuptools' setup.py is sufficient as the cross-platform build system, but I wouldn't be opposed to also supporting one of the other build systems. I'm more familiar with Autotools as well (https://www.gnu.org/software/automake/manual/html_node/Python.html).
from flawfinder.
I think in this case the negatives of a bigger build system generator outweigh the positives.
Flawfinder is designed to be extremely easy-to-install in many situations. In particular, I want to support copy-single-file installations, where users can simply copy "flawfinder" where they want & have it "just work". So I specifically forbid external dependencies other than the built-in libraries. That means users can ignore the setup.py if they wish. That also means that having a separate configuration tool is not going to work in this case.
This reasoning is specifically for this one tool. I use other systems on other projects, and I even created an autotools tutorial on YouTube, so I'm certainly familiar with other tools and find them useful. But in this case I'm trying to make things absurdly easy for users to install in a variety of circumstances, including when they cannot use pip.
So I appreciate the comments, but this would hamper end-user experience, which I think is more important. Thanks!
from flawfinder.
I imagine that your software distribution goals can also be achieved in collaboration with additional build tools.
from flawfinder.