On 03/28/2018 02:49 PM, Wei Liu wrote:
> On Wed, Mar 28, 2018 at 02:33:37PM +0100, Roger Pau Monné wrote:
>> Hello,
>>
>> According to the contribution guidelines document [0] the coverity
>> database of issues is private, which makes it hard for new people to
>> see issues. IMO it makes no sense to keep the result private anymore:
>>
>> - They have been audited for plenty of time by different people
>>   that currently have access to the database.
>> - Anyone can reproduce the same results by forking Xen on github and
>>   sending a build to coverity for analysis AFAICT.
>>
>> On the plus side, having the database open would allow us the
>> following:
>>
>> - Coverity reports could be sent to xen-devel, so anyone could pick
>>   and fix new issues.
>> - Newcomers could use coverity in order to find small size tasks to
>>   work on.
>>
>
> +1 for making it public.
>
> It used to be the case that people who had access manually forwarded
> issues to newcomers. It was not fun for anyone involved.
>
> The way the current policy is written makes it only theoretically
> possible for newcomers to access the results (note the signed by PGP
> key in a part of the strong set of web of trust), but is more likely to
> be impossible in practice.

NB that as I understand the term, "strong set" has a meaning generally
the opposite of what you'd expect in this context: that is, trusting the
"strong set", by including everyone that can be transitively included,
is relatively weak from a security point of view.

For anyone outside of old-school hacking communities (like Debian,
Linux, &c), this is likely to be a significant barrier to entry. On the
other hand, the more communities insist on this sort of thing, the less
of a barrier it will become. :-)

In any case, I think the barrier is moot at this point, and should be
taken down.

 -George