Hi Ken,

Yes, you can create JIRAs based on the content of the defects. Disclosure is 
up to the projects (us) - Coverity hides it so we have a chance to fix any 
security issues before the public gets a look at the reported defect. Fixed 
defects should be noted as such in Coverity, so it would be good to keep the 
CID in the JIRA as well.

-Steve

> -----Original Message-----
> From: Ken Giusti [mailto:kgiu...@redhat.com]
> Sent: Tuesday, March 20, 2012 1:13 PM
> To: dev@qpid.apache.org
> Subject: Re: Initial Coverity scan of qpid cpp
>
> Does anyone know if Coverity will allow us to create public JIRAs based on
> these defects?  Specifically, can we include the defect description provided
> by Coverity?
>
> I'd like to include the defect analysis in the JIRA, if possible.
>
> I didn't see anything relevant described in the Coverity Scan FAQ.
>
> thanks,
>
> -K
>
>
> ----- Original Message -----
> > On Tue, 2012-03-13 at 18:48 -0500, Steve Huston wrote:
> > > The first Coverity scan of qpid C++ code is up at
> > > http://scan5.coverity.com:8080 - the project name is Apache-Qpid. I'm not
> > > sure how you go about associating yourself with the project if you
> > > have a Coverity ID. If it's confusing and I can help (I can at least
> > > ask Coverity about it) let me know.
> > >
> > > 388 defects it found... ugh. I haven't taken a hard look at them
> > > yet.
> >
> > Having spent an hour or so looking at the defects, most of the ones I
> > looked at seem real but minor.
> >
> > The ones that I spent time thinking about (on the whole the ones I
> > understand!) seem like they would be simple to fix - which of course
> > begs the question why were the defects written in the first place and
> > why aren't any of our tests picking them up.
> >
> > I suggest we make an effort to clean as many of them up for 0.18 as we
> > can.
> >
> > Andrew
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional
> > commands, e-mail: dev-h...@qpid.apache.org
> >
> >
>

