On Wed, 2013-12-18 at 09:12 +0100, Ondrej Vasik wrote:
> On Tue, 2013-12-17 at 13:17 -0500, Rahul Sundaram wrote:
> > Hi
> >
> > On Tue, Dec 17, 2013 at 12:47 PM, Daniel P. Berrange wrote:
> >
> >     The issues reported against libvirt all appear to be false
> >     positives. Not entirely surprising since we already have
> >     Coverity run against libvirt code nightly.
> >
> > Thanks for the quick response. Does Red Hat run it only for
> > packages in RHEL or is it run against all Fedora packages? If not,
> > would it be possible for Red Hat to do so and publish the results on a
> > regular basis? That might be a useful service.
>
> Nightly Coverity scans for whole Fedora wouldn't work - RHEL subset of
> packages is scanned bi-yearly - as the ~1500 C/C++ takes 21+ days to
> scan (150M lines of code). Whole Fedora would take ~3 months+. Our
> RHEL maintainers are notified about the results and are encouraged to
> share the results with upstreams - many of them do.
...
> packages). We work on open sourcing this scanning tool based on mock
> (covering the static analyzers) - so people can use it for their
> packages more easily. It could even be integrated into the
> infrastructure somehow, as there is no license limitation.

I meant integrating without Coverity support, as we can't provide access
to scanners outside of Red Hat. Still, covering extra gcc warning
levels, cppcheck and clang together would be beneficial.

As to open sourcing - I can't give any time estimate, but it shouldn't
take more than a few months - most of the necessary steps are already done.

Greetings,
Ondrej