Coverity Scan

[Corinna Vinschen]

On Apr 25 06:33, David Stacey wrote:
> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
> they offer it to Open Source programmes for free. I was having a browse
> through the list of Open Source programmes using Coverity Scan, and
> noticed that Cygwin wasn't listed. Would there be any interest in
> analysing the cygwin1.dll source code on a fairly regular basis? If so,
> I would be happy to have a go at setting up an analysis job for Cygwin.
> 
> I would imagine this would be of interest to CGF, Corinna and anyone
> else who regularly updates the Cygwin source code. Obviously, this is
> only worth doing if the analysis results are looked at and acted upon.

Depends.  If the report contains lots of false positives, it's getting
annoying pretty quickly.

> There are some conditions associated with using Coverity Scan [2]. The
> one thing that jumps out is that our relationship with RedHat might be
> a stumbling block. We can but ask - the worst that can happen is that
> they politely decline.

They will.  #7 won't fly due to the buyout license clause.

> There have been a few hints on this list about a possible move from CVS
> to git. If such a move were on the cards then that should probably
> happen first - I wouldn't want the nugatory effort of getting this
> working from CVS only to have to change it almost immediately.

Yeah, I'm n ot exactly looking forward to it since I'm very familiar
with CVS or SVN, but have nothing but trouble with git.  But since
everybody else is so very happy with git, I guess I'll have to adapt.
Teeth-gnashingly.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140425/1298bd93/attachment.sig>