coverity code checker in Extras
Denis Leroy
denis at poolshark.org
Wed Aug 30 18:29:24 UTC 2006
Jason L Tibbitts III wrote:
>>>>>>"TM" == Till Maas <opensource at till.name> writes:
>
>
> TM> what is it really, what is going to happen if we accept their
> TM> offer? Will every package in Extras be scanned?
>
> I don't think their technology would support that; as far as I know
> they can't do anything with Perl or Python or the like.
>
> What I find to be of more concern is what maintainers are expected to
> do with that information. In most cases all we'd be able to do is
> pass the reports upstream, which I suppose would be OK but might be a
> bit much to ask some maintainers (i.e. the ones with 50+ packages) to
> handle. Ideally Coverity would just deal directly with upstream and
> extras wouldn't need to be involved.

I was asking myself the same question too. Certainly we can't demand of
maintainers to have to go through that tool as part of a review, of
course. But it's a great tool to have at one's disposal. Coverity has
the reputation of being a very powerful tool. In the early days they
used the tool against the Linux kernel code with some success (see all
LKML messages marked with [CHECKER]).

If the word is out that we have such a tool at our disposal, it might
encourage upstream projects to work more closely with the Fedora
community, which is all goodness imo.