On 21 January 2015 at 12:47, Markus Armbruster <arm...@redhat.com> wrote:
> We're using the Coverity Scan service[*]. We've put in some effort, and
> we've gotten some mileage out of it, but I feel we could get more.
>
> Judging from the report e-mail I have lying about, we're scanning about
> once a month on average. These reports cut off after 20 new defects.
> When there are more, which is common, people have to go to the web
> dashboard to see them. When I get one with ten, I may have a look, when
> I get one "Showing 20 of 100 defect(s)", I despair of the task, and put
> it off.

Right, but coverity reports lots of stuff, much of which is either
wrong or just not very important. The interesting stats here are:
 (1) the "high impact outstanding" buglist: we have just 33 of these
 (2) the per-component lists: where somebody's been working on the
     bug list for that component there are often not many bugs
     (there are just 2 outstanding for "arm", for instance)

> I think we should scan much more regularly. Once a week, full auto?

I think a regular automated scan would be useful, yes.

> I further think we should send the e-mail report to the list, to have
> more eyes on it.

I agree that we'd benefit much more from more people seeing
the list of coverity reports.

-- PMM