Jason L Tibbitts III wrote:
"TM" == Till Maas <opensource@xxxxxxxxx> writes:
TM> what is it really, what is going to happen if we accept their
TM> offer? Will every package in Extras be scanned?
I don't think their technology would support that; as far as I know
they can't do anything with Perl or Python or the like.
What I find to be of more concern is what maintainers are expected to
do with that information. In most cases all we'd be able to do is
pass the reports upstream, which I suppose would be OK but might be a
bit much to ask some maintainers (i.e. the ones with 50+ packages) to
handle. Ideally Coverity would just deal directly with upstream and
extras wouldn't need to be involved.
I was asking myself the same question too. Certainly we can't demand of
maintainers to have to go through that tool as part of a review, of
course. But it's a great tool to have at one's disposal. Coverity has
the reputation of being a very powerful tool. In the early days they
used the tool against the linux kernel code with some success (see all
LKML messages marked with [CHECKER]).
If the word is out that we have such a tool at our disposal, it might
encourage upstream projects to work more closely with the Fedora
community, which is all goodness imo.
--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
