[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Make coverity results public

Updated: see https://xenproject.org/help/contribution-guidelines.html

The text now is

Code Security Scanning
The Xen Project is registered with the "Coverity Scan" service which applies 
Coverity's static analyser to the Open Source projects. The tool can and does 
find flaws in the source code which can include security issues. Currently only 
the Xen Project Hypervisor (i.e. xen.git) is covered by these scans. Triaging 
and proposing solutions for the flaws found by Coverity is a useful way in 
which Community members can contribute to the Xen Project. 

Members of the community may request access to the Coverity database. However, 
Coverity requires that you create an account and apply for Xen Project 
membership by searching for the Xen Project and then requesting to be added to 
the project. We typically will approve requests within a few days, but reserve 
rejecting requests from accounts who never engaged with the project (aka never 
posted to a mailing list) or which look like spam accounts.  

On 04/04/2018, 16:50, "Wei Liu" <wei.liu2@xxxxxxxxxx> wrote:

    On Wed, Apr 04, 2018 at 03:47:44PM +0100, Lars Kurth wrote:
    > On 28/03/2018, 19:23, "George Dunlap" <george.dunlap@xxxxxxxxxx> wrote:
    >     > 
    >     > Lars, if you don't object I'm going to open up the results. And I 
    >     > leave the task to update the contribution guide webpage to you. :-)
    >     I'd wait at least until EOD Thursday. :-)
    > Sure. I am assuming this is public now?
    Yes, it is supposed to be public. But Roger says he still can't access
    it. I have sent an email to admin@coverity, but they haven't come back.
    We should definitely update our policy document.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.