[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team




On 18/11/2016 20:55, "Julien Grall" <julien.grall@xxxxxxx> wrote:

>Hello,
>
>On 18/11/2016 09:28, Konrad Rzeszutek Wilk wrote:
>> On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote:
>>> On 18/11/16 13:36, Artem Mygaiev wrote:
>>>> Hello
>>>>
>>>> I would like to request access to Coverity Scan project. Hereby, I:
>>>>  - agree to follow the security response process.
>>>>  - undertake to report security issues discovered to the security team
>>>> (security@xxxxxxxxxxxxxx) within 3 days of discovery.
>>>>  - agree to disclose the issue only to the security team and not to
>>>> any other third party
>>>>  - waive their (security team) right to select the disclosure time
>>>> line. Discoveries will follow the default time lines given in the
>>>> policy.
>>>>
>>>> We work with Xen on ARM since 2012. Our primary goal is to introduce
>>>> Xen for embedded and in particular in automotive SW domains. Our
>>>> current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV
>>>> drivers development (audio, video, input, etc.), co-processors support
>>>> and trusted environment support through OP-TEE integration. All of our
>>>> work is public and published in OSS mailing lists. We would like to
>>>> contribute in stability of Xen overall and Xen on ARM in particular
>>>> since this is absolutely critical for most of embedded applications.
>>>
>>> I don't have an objection in principle.  However, I doubt you will find
>>> access useful.
>>>
>>> Because of the restriction of only being permitted a single Coverity
>>> stream, it is only the x86 build which is submitted for analysis.  To
>>> submit builds for separate architectures, we need alternative streams.
>>> I already requested this but the request was denied.
>>
>> Perhaps Artem doing it - along with linking to this thread could
>> sway their minds? (Hi Coverity folks!)
>
>Coverity has been proven useful on x86 to catch some bugs. A such things
>would be nice for ARM too. Is there anything we can do to get coverity
>testing ARM? (CC Lars).

Coverity does static code analysis. It analyses our entire tree, although
I don't know whether we updated it to point it to new repos such as the
mini-os one. 

>> +1 on the request.
>
>In the current state and regardless whether coverity supports ARM, I
>would lean towards -1 on the request.
>
>I would prefer to give coverity access to developer that have
>established contribution on Xen ARM upstream.
>
>Artem, in the mail subject you mentioned "Embedded/Automotive team".
>Does it mean you are requesting coverity access for all the team?
>
>Regards,
>
>[1] 
>https://www.xenproject.org/developers/teams/embedded-and-automotive.html
>
>-- 
>Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.