Am 06.09.2012 10:59, schrieb Stefan Krah: > The mailing list would be nice especially if we could get the results in > verbose text form, but I don't know if that's possible.
I've added my account to the notification list but I've not yet received a mail as no new issue was introduced. Coverity also sends an email for every successful or failed build. So far the mails end up in my inbox. > BTW, do we keep all buffer overruns secret or can we post them on the tracker > if it's an off-by-one and unlikely to be exploitable? I'd say use your best discretion. In the unlikely case that Coverity finds a buffer overflow that can be abused remotely we have to go through PSRT and publish security fix releases. At a first glance no bug looked that severe to me. IMHO it makes sense to define a workflow how we are going to handle Coverity issues. Each coverity issue has an identifier and can have information like an external reference and an action. I've seen that you have started to create bugs in our tracker. How about we mention the Coverity # in the bug and add a link to the bug in the "Ext. Reference" field of the Coverity issue and set the Action to "Claimed, being worked on". In case you got curious about Coverity I've created a screenshot for you http://imm.io/Duel . Christian _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
