Hello,
This is my first time posting to your mailing list, so please excuse any breaches of protocol/decorum.
I work on a project that uses JTS Core (thank you for all of your hard work); however, to be permissible for us to use it, we must perform a static code analysis on the source code (using Fortify) and mitigate the findings. This is a time-consuming process and it must be repeated each time we upgrade versions of your software. This is my first time performing the task for JTS Core. From what I understand other developers on our team have previously found, most of the findings involve removing calls to System.out and System.err and printing of stack traces (because stack traces reveal potential vulnerabilities).
I am planning to fork the JTS repo and modify it to use a logging framework in lieu of the aforementioned outputs. I would like to do so in a way that will both benefit the community and that would allow committing those changes so this process will be less time-consuming for future upgrades.
My proposal is to use the Simple Logging Facade for Java (SLF4J) as doing so allows users of the library to decide the underlying logging framework to use without having to modify the source code and by simply adding the dependency for the chosen framework to the runtime classpath. It is also my understanding that SLF4J is compatible with Android, so I would not expect using it to impose restrictions for that platform.
I’m looking for feedback so I can provide the most benefit to the community and increase the likelihood the community will accept a pull request with the modifications so they will be included in future releases.
Any feedback will be greatly appreciated.
Thanks in advance,
Phil Bryant
Senior Principal Software Engineer
SAIC Inc.
5021 Bradford Drive
Huntsville, Alabama 35806
Phillip.L.Bryant@xxxxxxxx
phillip.l.bryant4.ctr@xxxxxxxx