Coverity Open Source Defect Scan of Samba
jra at samba.org
Mon Mar 6 06:32:26 GMT 2006
On Sun, Mar 05, 2006 at 09:35:56PM -0800, Ben Chelf wrote:
> Hello Samba Developers,
> I'm the CTO of Coverity, Inc., a company that does static source code
> analysis to look for defects in code. You may have heard of us or of our
> technology from its days at Stanford (the "Stanford Checker"). The
> reason I'm writing is because we have set up a framework internally to
> continually scan open source projects and provide the results of our
> analysis back to the developers of those projects. Samba is one of the
> 32 projects currently scanned at:
> see the latest results.
> Right now, we're guarding access to the actual defects that we report
> for a couple of reasons: (1) We think that you, as developers of Samba,
> should have the chance to look at the defects we find to patch them
> before random other folks get to see what we found and (2) From a
> support perspective, we want to make sure that we have the appropriate
> time to engage with those who want to use the results to fix the code.
> Because of this second point, I'd ask that if you are interested in
> really digging into the results a bit further for your project, please
> have a couple of core maintainers (or group nominated individuals) reach
> out to me to request access. As this is a new process for us and still
> involves a small number of packages, I want to make sure that I
> personally can be involved with the activity that is generated from this
This is *such* wonderful timing :-). I was actually looking at
your product earlier today and wondering how much a personal license
would cost so I could run it over the Samba release code and
fix things :-).
I am *extremely* interested in fixing any issues you might
find with our current release and near-release branches.
Please let me know what I need to do to get access to the test results