[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
On 18/11/2016 20:55, "Julien Grall" <julien.grall@xxxxxxx> wrote: >Hello, > >On 18/11/2016 09:28, Konrad Rzeszutek Wilk wrote: >> On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote: >>> On 18/11/16 13:36, Artem Mygaiev wrote: >>>> Hello >>>> >>>> I would like to request access to Coverity Scan project. Hereby, I: >>>> - agree to follow the security response process. >>>> - undertake to report security issues discovered to the security team >>>> (security@xxxxxxxxxxxxxx) within 3 days of discovery. >>>> - agree to disclose the issue only to the security team and not to >>>> any other third party >>>> - waive their (security team) right to select the disclosure time >>>> line. Discoveries will follow the default time lines given in the >>>> policy. >>>> >>>> We work with Xen on ARM since 2012. Our primary goal is to introduce >>>> Xen for embedded and in particular in automotive SW domains. Our >>>> current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV >>>> drivers development (audio, video, input, etc.), co-processors support >>>> and trusted environment support through OP-TEE integration. All of our >>>> work is public and published in OSS mailing lists. We would like to >>>> contribute in stability of Xen overall and Xen on ARM in particular >>>> since this is absolutely critical for most of embedded applications. >>> >>> I don't have an objection in principle. However, I doubt you will find >>> access useful. >>> >>> Because of the restriction of only being permitted a single Coverity >>> stream, it is only the x86 build which is submitted for analysis. To >>> submit builds for separate architectures, we need alternative streams. >>> I already requested this but the request was denied. >> >> Perhaps Artem doing it - along with linking to this thread could >> sway their minds? (Hi Coverity folks!) > >Coverity has been proven useful on x86 to catch some bugs. A such things >would be nice for ARM too. Is there anything we can do to get coverity >testing ARM? (CC Lars). Coverity does static code analysis. It analyses our entire tree, although I don't know whether we updated it to point it to new repos such as the mini-os one. >> +1 on the request. > >In the current state and regardless whether coverity supports ARM, I >would lean towards -1 on the request. > >I would prefer to give coverity access to developer that have >established contribution on Xen ARM upstream. > >Artem, in the mail subject you mentioned "Embedded/Automotive team". >Does it mean you are requesting coverity access for all the team? > >Regards, > >[1] >https://www.xenproject.org/developers/teams/embedded-and-automotive.html > >-- >Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |