Requiring LGTM looks good to me. It does not seem to have a high rate of false-positives like some other linters, but if we are making it gating, what would the process look like to override a false-positive?
On 12/16/21, 10:37 AM, "Anthony Baker" <bak...@vmware.com> wrote:

Thanks Robert, I think this is important. I think this is a good first step. In future I think we should consider adding a CI job to ensure that pre-existing security errors are addressed. Perhaps GitHub code scanning is worth investigating since they have acquired the LGTM product.

Anthony

> On Dec 16, 2021, at 10:08 AM, Robert Houghton <rhough...@vmware.com> wrote:
>
> We have had LGTM tests enabled on Apache Geode PRs for quite some time, and have done a great job of trending those warnings and errors in the right direction. I would like to make the change to our GitHub to make those changes blocking for all new PRs, given their reliability and lack of flakiness.
>
> Does anyone have strong feelings against that?
>
> -Robert Houghton