[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Make coverity results public



On Wed, Mar 28, 2018 at 02:33:37PM +0100, Roger Pau Monné wrote:
> Hello,
> 
> According to the contribution guidelines document [0] the coverity
> database of issues is private, which makes it hard for new people to
> see issues. IMO it makes no sense to keep the result private anymore:
> 
>  - They have been audited for plenty of time by different people
>    that currently has access to the database.
>  - Anyone can reproduce the same results by forking Xen on github and
>    sending a build to coverity for analysis AFAICT.
> 
> On the plus side, having the database open would allow us the
> following:
> 
>  - Coverity reports could be sent to xen-devel, so anyone could pick
>    and fix new issues.
>  - Newcomers could use coverity in order to find small size tasks to
>    work on.
> 

+1 for making it public.

It used to be the case that people had access manually forward issues to
new comers. It was not fun for anyone involved.

The way the current policy is written makes it only theoretically
possible for new comers to access the results (note the signed by PGP
key in a part of the strong set of web of trust), but is more likely to
be impossible in practice.

Wei.

> Thanks, Roger.
> 
> [0] https://xenproject.org/help/contribution-guidelines.html

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.