Re: coverity code checker in Extras

Jason L Tibbitts III wrote:
"TM" == Till Maas <opensource till name> writes:

TM> what is it really, what is going to happen if we accept their
TM> offer? Will every package in Extras be scanned?

I don't think their technology would support that; as far as I know
they can't do anything with Perl or Python or the like.

What I find to be of more concern is what maintainers are expected to
do with that information.  In most cases all we'd be able to do is
pass the reports upstream, which I suppose would be OK but might be a
bit much to ask some maintainers (i.e. the ones with 50+ packages) to
handle.  Ideally Coverity would just deal directly with upstream and
extras wouldn't need to be involved.

I was asking myself the same question too. Certainly we can't demand that maintainers go through that tool as part of a review, of course. But it's a great tool to have at one's disposal. Coverity has the reputation of being a very powerful tool. In the early days they used the tool against the Linux kernel code with some success (see all LKML messages marked with [CHECKER]).

If the word is out that we have such a tool at our disposal, it might encourage upstream projects to work more closely with the Fedora community, which is all goodness imo.