On Apr 16, 2012, at 18:05 PM, Joel Schuster wrote:

> Two reasons...
>
> 1. Getting some free information through code scan might help inform making
> Felix more robust.

We have a good set of tests for most if not all code we release, we regularly run the TCK and we take every bug report we get very seriously.

> All it takes is a project member to register and the rest is done by Coverity.

Why do you need a project member to register? Like I said, this is open source, anybody can download and analyze our codebase.

> It's a low commitment to potentially get some good information.

All I have is your word for that, right now I have no clue what you will do and why it will improve our codebase.

> 2. Having the results on the Coverity site may increase the user base if
> people can easily see that the community is active in addressing and dealing
> with robustness issues.

You make it sound as if we're not addressing these issues already. Don't get me wrong, I encourage everybody to read or use the code and give us feedback when they think they have discovered an issue. So far I don't see how signing up with Coverity will help us.

Greetings, Marcel

>
> - Joel
>
>
>> -----Original Message-----
>> From: Marcel Offermans [mailto:[email protected]]
>> Sent: Monday, April 09, 2012 9:33 AM
>> To: [email protected]
>> Subject: Re: Coverity Static Analysis
>>
>> Hello Joel,
>>
>> On Apr 9, 2012, at 14:30 PM, Joel Schuster wrote:
>>
>>> I'm using Felix within a gov't project. Lately there has been a push
>>> to have open source projects be scanned by 3rd party static analysis
>>> tools to show the value of using OSS within gov't projects while
>>> showing that the risk is in fact smaller than industry standard.
>>>
>>> As you can see there are quite a few OSS projects that are already
>>> being scanned, and a number of those projects are making explicit
>>> effort to make sure that any bugs that are found are dealt with quickly.
>>>
>>> http://scan.coverity.com/all-projects.html
>>>
>>> I was wondering if the Felix project would be interested in pursuing
>>> being scanned by Coverity and being placed on this list.
>>
>> I looked at the link you supplied, but there is not much to see there other
>> than some metrics that are done in a way that I cannot reproduce. Why
>> should we as an open source project be interested in actively participating in
>> this?
>>
>> All our source code is obviously available for anyone to examine, so I'm sure
>> that anybody who is interested in running it past the static analysis tools that
>> Coverity has can do so.
>>
>> Greetings, Marcel
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]

