Re: [Python-Dev] Coverity Open Source Defect Scan of Python

Mon, 06 Mar 2006 12:42:54 -0800 

On Mon, 6 Mar 2006, Barry Warsaw wrote:

> On Mon, 2006-03-06 at 14:26 -0500, Tim Peters wrote:
> > [Ben Chelf <[EMAIL PROTECTED]>]
> > > ...
> > > I'd ask that if you are interested in really digging into the results a 
> > > bit
> > > further for your project, please have a couple of core maintainers (or
> > > group nominated individuals) reach out to me to request access.
> > 
> > Didn't we set up a "security swat team" some time ago?  If not, we
> > should.  Regardless, since I have more free time these days, I'd like
> > to be on it.
> 
> Yep, it's called [EMAIL PROTECTED] (with a semi-secret backing mailing
> list, which I'd be happy for you to join!).  I definitely think that
> group of folks at the least should review the results.
> 
> -Barry
> 
>From their open source chart:

OpenVPN         7       69,842          0.100   Sign in         Register
Perl            89      479,780         0.186   Sign in         Register
PHP             207     431,251         0.480   Sign in         Register
PostgreSQL      297     815,700         0.364   Sign in         Register
ProFTPD         26      89,650          0.290   Sign in         Register
Python          59      259,896         0.227   Sign in         Register
Samba           215     312,482         0.688   Sign in         Register

This is interesting stuff.  See http://metacomp.stanford.edu for some 
background.  

The Coverty marketing droids need to be a bit less anal about getting
people to register at the website.  IMHO, the technology should be
described openly and allowed to speak for itself. On the other hand, the
policy of not disclosing discovered bugs until someone has had a chance to
evaluate their significance and fix them is probably a good one.

I'd also encourage Coventry to explain their business model a bit more
clearly.  Coventry seems to be supportive of open source projects.  
Coverty also seems to be targeting big companies as customers.  It's not
clear how arbitrary open source projects (and small companies and
individuals) will be able to take advantage of Coventry's products and
services.

>From Ben's email:

                                            ... if you are interested in 
   really digging into the results a bit further for your project, please 
   have a couple of core maintainers (or group nominated individuals) reach 
   out to me to request access. As this is a new process for us and still 
   involves a small number of packages, I want to make sure that I 
   personally can be involved with the activity that is generated from this 
   effort.
   
      So I'm basically asking for people who want to play around with some 
   cool new technology to help make source code better. If this interests 
   you, please feel free to reach out to me directly. And of course, if 
   there are other packages you care about that aren't currently on the 
   list, I want to know about those too.
   
This looks to me to be something worth doing.  I wish I had the time to be
one of the designated folks, but, sadly, I don't.  



_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to