DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=p1KyAELXmfdECRsEbf+mgMDTAEK4BEji+IcXMr/6mXKB7hGVy4WYT
	phht0kEnz8+ePJvqUf2lvqMvqovBG/L84kEDdsCJmMA97PCZWAs66FOkm1SMW0sv
	xoG8ZYgpiUyqXHJb41RKji0eEVWuA3gHoE0lWd2/PM3aho76ZduFvI=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Date: Fri, 25 Apr 2014 10:35:00 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Coverity Scan
Message-ID: <20140425083500.GA5666@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5359F391 DOT 8060309 AT tiscali DOT co DOT uk>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="M9NhX3UHpAaciwkO"
Content-Disposition: inline
In-Reply-To: <5359F391.8060309@tiscali.co.uk>
User-Agent: Mutt/1.5.21 (2010-09-15)

--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Apr 25 06:33, David Stacey wrote:
> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
> they offer it to Open Source programmes for free. I was having a browse
> through the list of Open Source programmes using Coverity Scan, and
> noticed that Cygwin wasn't listed. Would there be any interest in
> analysing the cygwin1.dll source code on a fairly regular basis? If so,
> I would be happy to have a go at setting up an analysis job for Cygwin.
>=20
> I would imagine this would be of interest to CGF, Corinna and anyone
> else who regularly updates the Cygwin source code. Obviously, this is
> only worth doing if the analysis results are looked at and acted upon.

Depends.  If the report contains lots of false positives, it's getting
annoying pretty quickly.

> There are some conditions associated with using Coverity Scan [2]. The
> one thing that jumps out is that our relationship with RedHat might be
> a stumbling block. We can but ask - the worst that can happen is that
> they politely decline.

They will.  #7 won't fly due to the buyout license clause.

> There have been a few hints on this list about a possible move from CVS
> to git. If such a move were on the cards then that should probably
> happen first - I wouldn't want the nugatory effort of getting this
> working from CVS only to have to change it almost immediately.

Yeah, I'm n ot exactly looking forward to it since I'm very familiar
with CVS or SVN, but have nothing but trouble with git.  But since
everybody else is so very happy with git, I guess I'll have to adapt.
Teeth-gnashingly.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTWh40AAoJEPU2Bp2uRE+g+Z8P/0jkurvbFvBRUKRu7eNzX8kM
chtnXrqnIrApS5gGa5PGtjtAxnNqDvdvAeWYrHOX1AxDRu6hwFrSaeSSii/O9sqF
TvUej6lpmHAtaq4je77XwowoAWcmNUrUtled0YWMUkF1N0+POqY+7k13q3geR07e
72RHouDVO4JTw35xe5HWyISyifnc2nAljxrJKJgSZvGhiPPUhWfVYQSZl4vtYHSP
aXzVwD2fW3SGx1kdx5usSkHT0XZSU8mlO+kyRQXyFvxwRhO71jXKcFMoKrJSLYxh
3+OwySiDEF+2gaK9CPlEoyjwK/EsZ+JRmCz4F6TznmSXDzsh6gXo91pfAzs+LJqd
4NvrwvDjBfFRKCzJyAkx2gxzbIkEo05Gqmi/ipqUR6b8BQIhsKxEmDJRnM9pCtiY
op4s52crzCNaux+kGijGD1GuPfWoI+smfll7PCPv5RM41vuqYtYXTdZiZTlce9zt
3hhBdNRDsjknERkCb7RR2lGXtVmjDbUebveBwH5e2kgBe1OXQ44K9BZJ3LVs3/uI
1z4c27ztd+ZaxJq7CAYJT68RVXJKnGoOksz4esRcupNYzzXBMSYQBEq5dSgENAZc
Z325bPZV/ODEcUd3QQQLG6GNRI9KjEitaXJSe6/ROv0b1O6gpRnzZuaLPR2cNi2C
rNkHcgKQkXO3drCRPhau
=16iX
-----END PGP SIGNATURE-----

--M9NhX3UHpAaciwkO--