Coverity Open Source Defect Scan of Samba

[Jeremy Allison]

On Sun, Mar 05, 2006 at 09:35:56PM -0800, Ben Chelf wrote:
> Hello Samba Developers,
> 
>   I'm the CTO of Coverity, Inc., a company that does static source code 
> analysis to look for defects in code. You may have heard of us or of our 
> technology from its days at Stanford (the "Stanford Checker"). The 
> reason I'm writing is because we have set up a framework internally to 
> continually scan open source projects and provide the results of our 
> analysis back to the developers of those projects. Samba is one of the 
> 32 projects currently scanned at:
> 
> http://scan.coverity.com
> see the latest results.
> 
>   Right now, we're guarding access to the actual defects that we report 
> for a couple of reasons: (1) We think that you, as developers of Samba, 
> should have the chance to look at the defects we find to patch them 
> before random other folks get to see what we found and (2) From a 
> support perspective, we want to make sure that we have the appropriate 
> time to engage with those who want to use the results to fix the code. 
> Because of this second point, I'd ask that if you are interested in 
> really digging into the results a bit further for your project, please 
> have a couple of core maintainers (or group nominated individuals) reach 
> out to me to request access. As this is a new process for us and still 
> involves a small number of packages, I want to make sure that I 
> personally can be involved with the activity that is generated from this 
> effort.

This is *such* wonderful timing :-). I was actually looking at
your product earlier today and wondering how much a personal license
would cost so I could run it over the Samba release code and
fix things :-).

I am *extremely* interested in fixing any issues you might
find with our current release and near-release branches.

Please let me know what I need to do to get access to the test results
please.

Thanks,

	Jeremy Allison,
	Samba Team.