12:41 p.m.
Hi all,
Alternatives to PEP 8
the Google Python Style Guide
(https://google.github.io/styleguide/pyguide.html)
flake8
https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)
flake8[0] is a wrapper that is enforcing a coding style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
SOLID is not related to coding style directly, but more to the
principles which form a program structure - how interfaces are built,
how components are separated, etc
PS: I haven't looked into google's styleguide yet.
[0]: http://flake8.pycqa.org/en/latest/manpage.html
[1]: https://github.com/vim-syntastic/syntastic
[2]:
https://blog.sideci.com/about-style-guide-of-python-and-linter-tool-pep8-py…
Cheers,
--
Ivan c00kiemon5ter Kanakarakis >:3
5:05 p.m.
New subject: Coding style. Was: Re: Notes: idpy dev meeting, 16 January 2018
On 22 January 2018 at 12:41, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Hi all,
Along with PEP8 and pyflakes there is Bandit[0] by the OpenStack organisation.
Alternatives to PEP 8
the Google Python Style Guide
(https://google.github.io/styleguide/pyguide.html)
flake8
https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)
flake8[0] is a wrapper that is enforcing a coding style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
quote from site:
Bandit is a security linter for Python source code
Among other things, Bandit does security checks and generates reports
with errors/warning for things like outdate versions of projects,
known CVEs, insecure usage of code like spawning shells etc
Bandit integrates well with flake8[1] and thus with vim-syntastic as
presented in the previous email.
Another code quality tool I've been looking at is sonarqube[2]. I have
not looked into that tool much, I will try to find time to review it
soon.
quote from "[Idpy-discuss] Notes, idpy dev
meeting, 23 January 2018"
PEP8 is a start, but need some higher level constraints on things like variable names.
I understand this, but this does not concern syntax, but semantics. As
such, it cannot be enforced by a tool. A tool cannot know what one
wants to imply by a variable name, a tool can only enforce things like
"a variable name must be at least 4 characters". While this is
something we would like to have, it can only be enforced by manual
review as currently done on Github.
We cannot expect everything to be automated and checked, but we can
have something along those lines written down, much like what Scott
presented with the "Coding Practices" page of CoManage. We should
establish our toolset and see how far we can get with that, then write
down everything else as a list of things to watch out in code reviews.
[0]: https://wiki.openstack.org/wiki/Security/Projects/Bandit
[1]: https://github.com/tylerwince/flake8-bandit
[2]: https://www.sonarqube.org/
--
Ivan c00kiemon5ter Kanakarakis >:3
4:43 p.m.
New subject: Fwd: Coding style. Was: Re: Notes: idpy dev meeting, 16 January 2018
I realised I sent the following to the wrong address when John replied
about bandit ;)
---------- Forwarded message ----------
From: Ivan Kanakarakis <ivan.kanak at gmail.com>
Date: 23 January 2018 at 17:05
Subject: Re: [Idpy-discuss] Coding style. Was: Re: Notes: idpy dev
meeting, 16 January 2018
To: discuss at idpy.org
On 22 January 2018 at 12:41, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Hi all,
Along with PEP8 and pyflakes there is Bandit[0] by the OpenStack organisation.
Alternatives to PEP 8
the Google Python Style Guide
(https://google.github.io/styleguide/pyguide.html)
flake8
https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)
flake8[0] is a wrapper that is enforcing a coding style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
quote from site:
Bandit is a security linter for Python source code
Among other things, Bandit does security checks and generates reports
with errors/warning for things like outdate versions of projects,
known CVEs, insecure usage of code like spawning shells etc
Bandit integrates well with flake8[1] and thus with vim-syntastic as
presented in the previous email.
Another code quality tool I've been looking at is sonarqube[2]. I have
not looked into that tool much, I will try to find time to review it
soon.
quote from "[Idpy-discuss] Notes, idpy dev
meeting, 23 January 2018"
PEP8 is a start, but need some higher level constraints on things like variable names.
I understand this, but this does not concern syntax, but semantics. As
such, it cannot be enforced by a tool. A tool cannot know what one
wants to imply by a variable name, a tool can only enforce things like
"a variable name must be at least 4 characters". While this is
something we would like to have, it can only be enforced by manual
review as currently done on Github.
We cannot expect everything to be automated and checked, but we can
have something along those lines written down, much like what Scott
presented with the "Coding Practices" page of CoManage. We should
establish our toolset and see how far we can get with that, then write
down everything else as a list of things to watch out in code reviews.
[0]: https://wiki.openstack.org/wiki/Security/Projects/Bandit
[1]: https://github.com/tylerwince/flake8-bandit
[2]: https://www.sonarqube.org/
--
Ivan c00kiemon5ter Kanakarakis >:3
--
Ivan c00kiemon5ter Kanakarakis >:3
4:54 p.m.
New subject: Fwd: Coding style. Was: Re: Notes: idpy dev meeting, 16 January 2018
Sorry, I had some kind of delay in my MUA and only noticed your mail about
Bandit after I had also recommended it. But it's nice to hear that you also
like it :)
//John
2018-01-24 15:43, Ivan Kanakarakis wrote:
I realised I sent the following to the wrong address
when John replied
about bandit ;)
---------- Forwarded message ----------
From: Ivan Kanakarakis <ivan.kanak at gmail.com>
Date: 23 January 2018 at 17:05
Subject: Re: [Idpy-discuss] Coding style. Was: Re: Notes: idpy dev
meeting, 16 January 2018
To: discuss at idpy.org
On 22 January 2018 at 12:41, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Hi all,
Along with PEP8 and pyflakes there is Bandit[0] by the OpenStack organisation.
Alternatives to PEP 8
the Google Python Style Guide
(https://google.github.io/styleguide/pyguide.html)
flake8
https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)
flake8[0] is a wrapper that is enforcing a coding style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
quote from site:
Bandit is a security linter for Python source code
Among other things, Bandit does security checks and generates reports
with errors/warning for things like outdate versions of projects,
known CVEs, insecure usage of code like spawning shells etc
Bandit integrates well with flake8[1] and thus with vim-syntastic as
presented in the previous email.
Another code quality tool I've been looking at is sonarqube[2]. I have
not looked into that tool much, I will try to find time to review it
soon.
quote from "[Idpy-discuss] Notes, idpy dev
meeting, 23 January 2018"
PEP8 is a start, but need some higher level constraints on things like variable names.
I understand this, but this does not concern syntax, but semantics. As
such, it cannot be enforced by a tool. A tool cannot know what one
wants to imply by a variable name, a tool can only enforce things like
"a variable name must be at least 4 characters". While this is
something we would like to have, it can only be enforced by manual
review as currently done on Github.
We cannot expect everything to be automated and checked, but we can
have something along those lines written down, much like what Scott
presented with the "Coding Practices" page of CoManage. We should
establish our toolset and see how far we can get with that, then write
down everything else as a list of things to watch out in code reviews.
[0]: https://wiki.openstack.org/wiki/Security/Projects/Bandit
[1]: https://github.com/tylerwince/flake8-bandit
[2]: https://www.sonarqube.org/
--
Ivan c00kiemon5ter Kanakarakis >:3
4:33 p.m.
New subject: Coding style. Was: Re: Notes: idpy dev meeting, 16 January 2018
2018-01-22 11:41, Ivan Kanakarakis wrote:
Hi all,
It might also be a good idea to use Bandit[1] (static analyzer from the
OpenStack Security Group) to clean up some of the existing code and to avoid
common security related issues in the future.
I've tested it against some of the codebases in our community and found room
for improvement, while the false positives were relativity low (and it is easy
to simply append # nosec to any lines of code that triggers a false positive).
[1] https://github.com/openstack/bandit
Best regards,
John
Alternatives to PEP 8
the Google Python Style Guide
(https://google.github.io/styleguide/pyguide.html)
flake8
https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)
flake8[0] is a wrapper that is enforcing a coding style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
SOLID is not related to coding style directly, but more to the
principles which form a program structure - how interfaces are built,
how components are separated, etc
PS: I haven't looked into google's styleguide yet.
[0]: http://flake8.pycqa.org/en/latest/manpage.html
[1]: https://github.com/vim-syntastic/syntastic
[2]:
https://blog.sideci.com/about-style-guide-of-python-and-linter-tool-pep8-py…
Cheers,
9:11 p.m.
New subject: PR request template and coding styles
On 1/22/18 2:41 AM, Ivan Kanakarakis wrote:
flake8[0] is a wrapper that is enforcing a coding
style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
[How can|Should] we turn this to something that goes into the PR template?
-Heather
11:20 p.m.
New subject: PR request template and coding styles
Hello,
On 21 February 2018 at 21:11, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
On 1/22/18 2:41 AM, Ivan Kanakarakis wrote:
Something like:
This project follows PEP8 style guide. Please make sure your code
produces no errors or warnings when run against the `flake8` linter.
--
Ivan c00kiemon5ter Kanakarakis >:3
flake8[0] is a wrapper that is enforcing a coding
style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
[How can|Should] we turn this to something that goes into the PR template?
11:21 p.m.
New subject: PR request template and coding styles
On 2/21/18 1:20 PM, Ivan Kanakarakis wrote:
Hello,
On 21 February 2018 at 21:11, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
Excellent. I'll add that to the template.
-hf
On 1/22/18 2:41 AM, Ivan Kanakarakis wrote:
Something like:
This project follows PEP8 style guide. Please make sure your code
produces no errors or warnings when run against the `flake8` linter.
flake8[0] is a wrapper that is enforcing a coding
style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
[How can|Should] we turn this to something that goes into the PR template?
11:28 p.m.
New subject: PR request template and coding styles
On 21 February 2018 at 23:21, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
On 2/21/18 1:20 PM, Ivan Kanakarakis wrote:
Truth is, we would like it to be that way - it is now yet there.
But, either way it is good to have that message there so people know.
Thanks for the templates.
--
Ivan c00kiemon5ter Kanakarakis >:3
Hello,
On 21 February 2018 at 21:11, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
Excellent. I'll add that to the template.
On 1/22/18 2:41 AM, Ivan Kanakarakis wrote:
Something like:
This project follows PEP8 style guide. Please make sure your code
produces no errors or warnings when run against the `flake8` linter.
flake8[0] is a wrapper that is enforcing a coding
style using PEP8,
and additionally does code analysis using pyflakes to catch bugs (eg
undeclared variables) or leftovers (eg unused variables). It
integrates well with different IDEs and also with the Syntastic vim
plugin[1]. This article[2] goes into some details about flake8, PEP8
and pyflakes.
I would strongly recommend to start using flake8 and progressively
make style-changes to the code.
[How can|Should] we turn this to something that goes into the PR template?
12:14 a.m.
New subject: PR request template and coding styles
On 2/21/18 1:28 PM, Ivan Kanakarakis wrote:
...
Truth is, we would like it to be that way - it is now yet there.
But, either way it is good to have that message there so people know.
Thanks for the templates.
Now's a good a time as any to start establishing that best practice. PR
templates have been updated.
-hf
This project follows PEP8 style guide. Please make sure your code
produces no errors or warnings when run against the `flake8` linter.
Excellent. I'll add that to the template.
2495
days inactive
2525
days old
9 comments
3 participants
participants (3)
-
hlflanagan@sphericalcowgroup.com -
ivan.kanak@gmail.com -
john@sunet.se