I always favour a "more eyes the better" approach.
If Coverity finds nothing we've lost nothing, but if it finds something we
can avoid having to fix a release once it's in the wild.
Al.
----- Original Message -----
From: "Philip Luppens" <[EMAIL PROTECTED]>
To: "Struts Developers List" <[email protected]>
Sent: Thursday, January 17, 2008 1:08 PM
Subject: Re: Coverity Scan
On 1/17/08, Antonio Petrelli <[EMAIL PROTECTED]> wrote:
2008/1/17, Ted Husted <[EMAIL PROTECTED]>:
>
> If we are not already on the list, my question is whether we would
> like to opt-in now or not?
I think it is the case: in Struts 2 we had two major security problems,
and probably a new one has arisen.
I doubt their scanner would be able to identify such problems. But
more analysis is always good (checkstyle, pmd, findbugs, ..), so +1
from me.
- Phil
Antonio
--
Software Architect - Hydrodesk
"Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live." - John F. Woods
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]