|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Coverity + XenProject + Process?
On Fri, 2013-08-30 at 16:34 +0100, David Vrabel wrote: > On 30/08/13 16:00, Konrad Rzeszutek Wilk wrote: > > Hey > > > > We have a static analyzer setup for Xen called Coverity. It allows > > the code to be inspected for bugs and such. > > > > Originally I setup this so that we could make sure that there are no > > bugs that cause security issues - and as such invited only folks > > on the security Xen mailing list. > > If there has been a pass already and that found no security issues, I > think the results should be made open and available to all. The issue is that there are lots of issues, of which only a tiny minority are going to turn out to be actual security issues. What is needed is for someone to go through them all and classify them. > Any (new) issues coverity might find in a development branch are just > bugs and not (yet) a security issues. Unless the relevant breakage got backported before the pass. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |