commit | a912b25520d484533efb317603a6029116ccc439 | [log] [tgz] |
---|---|---|
author | Zvonimir Pavlinovic <zpavlinovic@google.com> | Mon Aug 02 17:56:08 2021 -0700 |
committer | Zvonimir Pavlinovic <zpavlinovic@google.com> | Mon Aug 30 19:46:20 2021 +0000 |
tree | 53e2fd9d78ffccc629fd7f1cd860bef831613c78 | |
parent | b6ec30af783f20c3ef2cebeb7c60ec0682b48326 [diff] |
vulndb/internal/audit: push back potential FPs in ordering of findings The majority of experiments suggest that false positive (FP) findings involve call stacks that go through standard libraries. This CL adjusts ordering of findings to deprioritize such findings when presented to users. Change-Id: I9e4c3bae2befa8c7fb4eb48662f74032cc7850b5 Reviewed-on: https://go-review.googlesource.com/c/exp/+/339330 Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Go Bot <gobot@golang.org> Trust: Zvonimir Pavlinovic <zpavlinovic@google.com> Reviewed-by: Tim King <taking@google.com>
This subrepository holds experimental and deprecated (in the old
directory) packages.
The idea for this subrepository originated as the pkg/exp
directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get
these packages.
Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.
In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)
Caveat emptor.