On Sun, Jan 11, 2009 at 7:57 PM, Jason Giglio <[email protected]> wrote:
> Sheet Spotter wrote:
>> I stumbled into a code analysis tool from Coverity that claims to
>> identify source code flaws through an elaborate static code analysis
>> with a lower "false positive" rate than similar tools. Coverity seems to
>> offer their tool (or their services?) free of charge to open source
>> projects.
>
> I went through this a couple years ago.
>
> The conclusion of the thread was that Linden Lab already licensed
> Coverity internally, and they weren't going to release the results of
> the report to us. There were some vague excuses about security or
> something, and that the open source community can't really help fix
> those kinds of bugs anyway.

The problem is that the Coverity report is generated against the full build, including server components and things where we don't have a license to redistribute code. If we renew our Coverity license (that's up in the air - I'd heard that it's hugely expensive), the plan is to get a separate analysis running against the very same code that's exported, and to export that routinely.
