launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] ~pelpsi/launchpad-buildd:move-to-requests-basic-auth into launchpad-buildd:master

To: Simone Pelosi <simone.pelosi@xxxxxxxxxxxxx>
From: Ines Almeida <mp+489527@xxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Jul 2025 13:53:17 -0000
In-reply-to: <175327838581.1628822.10602402114189178300.launchpad@scripts-bzrsyncd.lp.internal>
Reply-to: mp+489527@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Looks good, but I'd remove the coverity changes into another MP or another commit at least.
Also can you explain why we need those particular supresses? The `weak_hash_core_python_hashlib` seems self-explanatory but the `hardcoded_secret_pattern_low` not as much

Diff comments:

> diff --git a/lpbuildd/builder.py b/lpbuildd/builder.py
> index 6c5c6b2..42e49bb 100644
> --- a/lpbuildd/builder.py
> +++ b/lpbuildd/builder.py
> @@ -35,6 +35,7 @@ from lpbuildd.util import shell_escape
>  devnull = open("/dev/null")
>  
>  
> +# coverity[COV_PY_SIGMA.hardcoded_secret_pattern_low:SUPPRESS] doc example

This seems related to something other than the basic auth - what is the reasoning for it here?

>  def _sanitizeURLs(bytes_seq):
>      """A generator that deletes URL passwords from a bytes sequence.
>  


-- 
https://code.launchpad.net/~pelpsi/launchpad-buildd/+git/launchpad-buildd/+merge/489527
Your team Launchpad code reviewers is requested to review the proposed merge of ~pelpsi/launchpad-buildd:move-to-requests-basic-auth into launchpad-buildd:master.

References

[Merge] ~pelpsi/launchpad-buildd:move-to-requests-basic-auth into launchpad-buildd:master
From: Simone Pelosi, 2025-07-23