Since Sebb's original report the code base has changed quite a bit so
I reran findbugs.

I've fixed most of them, still open are:

* JarArchiveEntry certificates and manifestAttributes are never written
  to, so they are useless.

  I'm unsure of the class' purpose and simply left things as they are,
  assuming setters will be provided one day.

* ZipOutputStream contains some protected static final byte[]
  "constants"

  This means any subclass could modify them.  Findbugs suggests to
  make them package private.  Ant couldn't do that because of backwards
  incompatibility, but a sandbox component can.  Should we?

* ArchiveStreamFactory should do something when it fails to read
  enough bytes for the signature, but what?

  Given the original TODO comment, I stayed away from a decision.

* CpioArchiveEntry#setMode first performs some work to check the mode
  just passed in, creates an IllegalArgumentException if it is unknown
  and then forgets to throw it.

  If I change the code to actually throw the exception,
  testCpioUnarchive fails.  Obviously the code supports more modes
  than it thinks.

  Remove the checks?

Stefan
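
The protected static final byte[] finding from the message above, as an added example that is not part of the original post and not the project's code. The class names `Writer`, `RogueWriter` and `HardenedWriter` and the `SIG` field are hypothetical stand-ins; it shows the writable "constant" beside a private array exposed only through copies, which goes one step further than the package-private visibility FindBugs suggests.

```java
import java.util.Arrays;

public class MutableConstantDemo {

    // Hypothetical stand-in for an archive writer, not the real ZipOutputStream.
    static class Writer {
        // "final" freezes the reference only; the array contents stay writable.
        protected static final byte[] SIG = {0x50, 0x4b, 0x03, 0x04};

        byte[] header() {
            return SIG.clone();
        }
    }

    // A subclass can reach the protected field and write into the shared array.
    static class RogueWriter extends Writer {
        static void tamper() {
            SIG[0] = 0x00; // compiles and runs: every Writer now emits a bad signature
        }
    }

    // Hardened form: the array is private and callers only ever receive a copy.
    static class HardenedWriter {
        private static final byte[] SIG = {0x50, 0x4b, 0x03, 0x04};

        protected static byte[] sig() {
            return SIG.clone();
        }

        byte[] header() {
            return SIG.clone();
        }
    }

    public static void main(String[] args) {
        byte[] expected = {0x50, 0x4b, 0x03, 0x04}; // constructed sample signature

        RogueWriter.tamper();
        System.out.println("Writer signature intact: "
                + Arrays.equals(new Writer().header(), expected));

        byte[] copy = HardenedWriter.sig();
        copy[0] = 0x00; // changes the caller's copy only
        System.out.println("HardenedWriter signature intact: "
                + Arrays.equals(new HardenedWriter().header(), expected));
    }
}
```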
