Re: PSA: If you are C/C++ developer, use cppcheck

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi


On Tue, Dec 17, 2013 at 4:34 PM, Tomas Hozza  wrote:
Publishing scan results for all Fedora packages might not be very good idea,
since the static analysis can find issues with possible security impact.
 
Sure and if someone wants to understand that security impact inorder to exploit they can always use coverity right now to find it out but if this is really a concern, one could easily gate access to the reports using FAS.
 
Also Coverity offers their tool to open-source projects for free [1]. I think
some projects are already using it (at least Squid). So if upstream projects
are interested, they can sign up for free.

That is true but it is clear that majority of projects are not doing that and as a distributor of thousands of projects,  I think Fedora can be provide a good value for upstream and itself by doing in a central place proactively.  Red Hat is already doing it for some packages.  Just need to find a way to increase that coverage and provide the reports in a way accessible to volunteer Fedora package maintainers.

Rahul
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux