Subject: Re: Periodic Coverity Scan

From: Gregor Jasny <gjasny_at_googlemail.com>
Date: Sun, 28 Sep 2014 20:49:36 +0200

Hello,

On 17/09/14 15:47, Jakub Hrozek wrote:
> On Wed, Sep 17, 2014 at 01:39:34PM +0000, Gregor Jasny wrote:
>> If you like I could set up a project and run a daily scan on my Debian machine. I’ve been doing this for some months for my v4l-utils package and it caught many bugs.
>
> Thank you that would be awesome!

So we now have a project on scan.coverity.com. I have some questions for
the c-ares maintainers.

1) Currently I made the Coverity project private to have a look at the
issues first. So far nothing too scary is visible. Should I switch it to
public?

2) If we decide to make it public there is the possibility that new
defect reports are sent to this mailing list. But because this list is
subscriber-only, the listmaster must whitelist the Coverity system.

3) If we decide to keep it private how do we decide whom to grant access?

4) Currently it will run on one of my machines. But as Daniel Pocock
suggested there is also the possibility to let Travis-CI handle the scan
[1]. But I see a limitation with the Travis-CI approach: if we decide to
scan the master branch, Travis-CI will run for every commit. But the
Coverity system is limited to one run per day (or was it 7 per week?).
So we might miss some check-ins. If one decides to release such a missed
check-in, there is the possibility that bugs creep in.

The other approach would be to create a coverity branch and
(automatically) sync there once a day.

Thanks for your comments,
Gregor

[1] https://scan.coverity.com/travis_ci
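The "coverity branch synced once a day" approach from point 4, sketched as an added example (this is not code from the thread or from the c-ares project). It assumes a long-lived branch named `coverity` that the Travis-CI Coverity integration is configured to build, and that the script runs from cron on the maintainer's machine; the quota check is kept in a separate function so the rate limit (one submission per `MIN_INTERVAL` seconds, default one day) can be reasoned about without touching git.

```shell
#!/bin/sh
# Added example: fast-forward a "coverity" branch to master at most once per
# MIN_INTERVAL seconds, so a per-commit CI does not exceed the Coverity Scan
# submission quota. Branch name, interval and stamp file are assumptions.

MIN_INTERVAL=${MIN_INTERVAL:-86400}          # one scan per day
STAMP_FILE=${STAMP_FILE:-.coverity-last-sync} # epoch of the last sync
REMOTE=${REMOTE:-origin}
SRC_BRANCH=${SRC_BRANCH:-master}
SCAN_BRANCH=${SCAN_BRANCH:-coverity}

# sync_due LAST NOW MIN
# Returns 0 (true) when a sync is allowed: either no sync has ever happened
# (LAST is empty) or at least MIN seconds have elapsed since LAST.
sync_due() {
  last=$1; now=$2; min=$3
  [ -z "$last" ] && return 0
  [ $((now - last)) -ge "$min" ]
}

# sync_coverity_branch
# Pushes the current tip of SRC_BRANCH to SCAN_BRANCH when the quota allows.
# Exit status: 0 on sync, 2 when skipped because of the quota, 1 on git error.
sync_coverity_branch() {
  now=$(date +%s)
  last=$(cat "$STAMP_FILE" 2>/dev/null)
  if ! sync_due "$last" "$now" "$MIN_INTERVAL"; then
    echo "skip: last sync $((now - last))s ago, interval is ${MIN_INTERVAL}s" >&2
    return 2
  fi
  git fetch "$REMOTE" "$SRC_BRANCH" || return 1
  # Only the commit that was actually pushed is what Coverity will see, so
  # record the stamp after the push succeeds, never before.
  git push "$REMOTE" "$REMOTE/$SRC_BRANCH:refs/heads/$SCAN_BRANCH" || return 1
  echo "$now" > "$STAMP_FILE"
}

# Run the sync only when invoked explicitly, e.g. from a daily cron entry:
#   0 3 * * * cd /path/to/c-ares && sh sync-coverity.sh --run
if [ "${1:-}" = "--run" ]; then
  sync_coverity_branch
fi
```

Because the stamp is written only after a successful push, a failed push does not consume the day's quota, and a missed check-in is picked up by the next run rather than silently lost.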
Received on 2014-09-28