+1 sounds good. musachy
On Jan 17, 2008 9:54 AM, Dave Newton <[EMAIL PROTECTED]> wrote: > +1; I'm a huge fan of various code analysis techniques, and I'd rather we > controlled our own ignore-ance from a position of knowledge. > > d. > > > --- Ted Husted <[EMAIL PROTECTED]> wrote: > > > There's a company that's been scanning open source project codebases > > for static flaws. In November 2007, they announced that Java projects > > are being added. > > > > * http://www.coverity.com/html/press_story51_11_20_07.html > > > > There's been the odd email about using these projects foundation-wide, > > possibly by running them locally. But, the core service descibed by > > this press release seems to be external. > > > > I couldn't find a list of Java projects on the website. The next step > > seems to be to send an email to <[EMAIL PROTECTED]>. > > > > If we are not already on the list, my question is whether we would > > like to opt-in now or not? > > > > My thought is that we might want to be proactive. In the alternative, > > we are like to find one day that Coverity has started to scan us > > unilaterally, and then be surprised by a lot of new fixes to make. > > Since Struts is an approved framework for several government agencies > > (DoD, VA, and so forth), I would think that we would be on the short > > list anyway. > > > > -Ted. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- "Hey you! Would you help me to carry the stone?" Pink Floyd --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
