toString() will just print its hashcode. I think what we should be doing is new String(Base64.encode(bytes)) instead of Base64.encode(bytes).toString()
~Rajani On 28-Jan-2014, at 2:28 pm, Ian Duffy <i...@ianduffy.ie<mailto:i...@ianduffy.ie>> wrote: Rajani, The findbugs report recorded that the conversion from the bytes array to a string failed. As a result the database value was ending up as some object. On 28 January 2014 08:49, Rajani Karuturi <rajani.karut...@citrix.com<mailto:rajani.karut...@citrix.com>>wrote: Hi Ian, Any reasons for changing the LDAP random password logic? I think this way it would make it less secure than the previous one. Thanks, ~Rajani On 28-Jan-2014, at 10:55 am, Ian Duffy <i...@ianduffy.ie<mailto:i...@ianduffy.ie>> wrote: Hi Animesh, Can you cherry-pick the below commit from from 4.3-forward to 4.3 branch? Fix findbug issues within LDAP authenticator commit 92b4f66d73562e4211d2d787554ff229dbeb5705 Thanks, Ian On 28 January 2014 03:48, Animesh Chaturvedi <animesh.chaturv...@citrix.com<mailto:animesh.chaturv...@citrix.com>>wrote: Hugo I was reviewing your commits to 4.3-forward and looked at your commits https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=f18c5a1910b6370585a1d61638b8310c3ecba5ef https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=60ac12780bfa1604902a89d5dc7937a8b9334e0d I think you want the last one which has fixes for NetUtils and XenServerStorageMotionStrategy for which you had put -1 in first RC but the commit includes more files. Can you make limited changes directly to 4.3? I want to build another RC later tonight Animesh -----Original Message----- From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com] Sent: Monday, January 27, 2014 1:30 PM To: dev@cloudstack.apache.org Subject: RE: Findbugs report on 4.3-forward Agreed We need to fix the most important ones for 4.3. There may be assumptions in the code which we may not know and may get broken if these issues are fixed late. I will pull in the one Hugo casted his -1 for the first vote, any others? Animesh -----Original Message----- From: David Nalley [mailto:da...@gnsa.us] Sent: Monday, January 27, 2014 11:46 AM To: dev@cloudstack.apache.org Subject: Re: Findbugs report on 4.3-forward So just curious if I am the only one concerned about a ton of fixes going in at the last minute. If the fixes are for serious bugs and we have consensus around their severity being high enough, indeed lets fix things. My concern is that much of the QA we do is manual; and while we are getting better; fixing tons of things at the last minute may have unintended consequences that we don't know about and won't easily find. I yearn for the day when our automated testing is broad enough that we can do fixes right up to the wire and know that things still work, I am just not sure that I have confidence that we are there yet. Thoughts? I am being paranoid? --David On Mon, Jan 27, 2014 at 3:11 AM, Daan Hoogland <daan.hoogl...@gmail.com wrote: Animesh, I commented the once i made yesterday with findbugs: I allready send a few and will get you a list of the rest later today. regards, On Mon, Jan 27, 2014 at 3:48 AM, Animesh Chaturvedi <animesh.chaturv...@citrix.com> wrote: Good job fellas. I see a number of commits 20+ into 4.3-forward branch. Are their specific commits you want me to pick up out of these? Animesh -----Original Message----- From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] Sent: Sunday, January 26, 2014 2:41 AM To: dev Subject: Re: Findbugs report on 4.3-forward I didn't get very far last night and will be looking at the server package again this afternoon. bon appétit, On Sun, Jan 26, 2014 at 1:36 AM, Ian Duffy <i...@ianduffy.ie> wrote: Hi, Fixed the issues highlighted in the ldap user authentication package. Have pushed to 4.3-forward. Thanks, Ian On 25 January 2014 22:26, Daan Hoogland <daan.hoogl...@gmail.com> wrote: or reply to this mail with the filename you are working on I'll be looking at the server package as it seems to contain the most issues. On Sat, Jan 25, 2014 at 4:00 PM, Hugo Trippaers <h...@trippaers.nl> wrote: I've also added a job to master with the Findbugs report and the cobertura code coverage report. Good stuff, we have a 12% coverage of our classes with unit tests. Huge improvement over the last release where we had 4% iirc. We have 306 reports from Findbugs, of which the majority are internationalization issues. (String.getBytes without charset mostly). On the coverity site we have 6000+ issues still open, but at least that number is relatively 6000+ stable, we fix as much issues as we introduce and it's untuned so we can assume a large number of false positives there. I think that on average the automated tools tell us that code quality is improving, which a good thing. Combined with the functional testing and the simulator build we can prove that we are doing quite well on the code quality angle. http://jenkins.buildacloud.org/job/build-master-slowbuild/ Cheers, Hugo On 25 jan. 2014, at 14:13, Daan Hoogland <daan.hoogl...@gmail.com> wrote: H Hugo, I'll spend some time on it tonight. Do you have a work load distribution scheme or is it random access? ;) regards On Sat, Jan 25, 2014 at 12:39 PM, Hugo Trippaers <h...@trippaers.nl> wrote: Hey all, I've made Jenkins run the findbugs analysis on 4.3-forward. Is there somebody who is willing to help triage the findings? Maybe there is some stuff that we need to fix? the url is http://jenkins.buildacloud.org/job/cloudstack-4.3-forward-maven-bui ld /3/findbugsResult/ Cheers, Hugo
