On 29 June 2016 at 17:55, Thomas Darimont <thomas.darimont@googlemail.com> wrote:

> Hello group,
>
> I just ran findbugs [1] with the find-sec-bugs [0] and found quite a bunch of rather
> suspicious places in the Keycloak codebase.
>
> Note that I don't want to blame anyone but rather try to improve the codebase :)
>
> For instance there are some quite prominent (and sensitive) non-final public static fields that could
> be easily changed to something else (in case they aren't inlined).
>
> Furthermore there seem to be some dead code left-overs from merges spread over the codebase e.g:
>
> Question is how to deal with that?
>
> I could send PRs for those issues - they would contain quite a bunch of files
> with minor changes. Would you be open to such contributions and if so, what JIRA issue
> should one reference here?

Ideally it would be broken into JIRAs and sent PRs for a few changes at a time. If you send too many changes in one PR/JIRA it would be much more effort to review the PR.

> Cheers,
> Thomas
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev