
Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team



Hello,

On 18/11/2016 09:28, Konrad Rzeszutek Wilk wrote:
On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote:
On 18/11/16 13:36, Artem Mygaiev wrote:
Hello

I would like to request access to Coverity Scan project. Hereby, I:
 - agree to follow the security response process.
 - undertake to report security issues discovered to the security team
(security@xxxxxxxxxxxxxx) within 3 days of discovery.
 - agree to disclose the issue only to the security team and not to
any other third party
 - waive their (security team) right to select the disclosure time
line. Discoveries will follow the default time lines given in the
policy.

We have worked with Xen on ARM since 2012. Our primary goal is to introduce
Xen for embedded and in particular in automotive SW domains. Our
current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV
drivers development (audio, video, input, etc.), co-processors support
and trusted environment support through OP-TEE integration. All of our
work is public and published in OSS mailing lists. We would like to
contribute to the stability of Xen overall and Xen on ARM in particular
since this is absolutely critical for most embedded applications.

I don't have an objection in principle.  However, I doubt you will find
access useful.

Because of the restriction of only being permitted a single Coverity
stream, it is only the x86 build which is submitted for analysis.  To
submit builds for separate architectures, we need alternative streams.
I already requested this but the request was denied.

Perhaps Artem doing it - along with linking to this thread could
sway their minds? (Hi Coverity folks!)

Coverity has been proven useful on x86 to catch some bugs. Such things would be nice for ARM too. Is there anything we can do to get Coverity testing ARM? (CC Lars).


+1 on the request.

In the current state and regardless of whether Coverity supports ARM, I would lean towards -1 on the request.

I would prefer to give Coverity access to developers that have established contributions on Xen ARM upstream.

Artem, in the mail subject you mentioned "Embedded/Automotive team". Does it mean you are requesting coverity access for all the team?

Regards,

[1] https://www.xenproject.org/developers/teams/embedded-and-automotive.html

--
Julien Grall
