How Samba monitors Coverity Scan report

Nasif Imtiaz simtiaz at
Fri Apr 26 14:33:07 UTC 2019

Hi Andrew,

Thanks a lot for the quick response. I am a PhD student at NC State
University and as a part of my research project I am looking at how
developers respond to static analysis tool alerts (how many alerts they
find useful, how long it takes to fix them).

It will be greatly helpful for me if any of you participate in a short
survey on how your
team monitors Coverity Scan report. The survey should not take more than
five minutes at maximum.

Thanks a lot,

On Fri, Apr 26, 2019 at 1:51 AM Andrew Bartlett <abartlet at> wrote:

> On Thu, 2019-04-25 at 23:30 -0400, Nasif Imtiaz via samba-technical
> wrote:
> > Hi,
> >
> > I see Samba is registered on Coverity Scan for regular
> > analysis. I am assuming only the master branch is analysed here (Is
> > that correct?)
> Well every release branch was at one point master, and almost all
> patches added to a release branch are first applied to master, so I
> don't think the difference is significant.
> > Also, are there any developers from Samba team who regularly monitor
> > Coverity reports? What is Samba team's policy on this?
> Yes, we regularly monitor the reports and act on them.
> You can see these being fixed by the CID numbers in the patches in
> master.
> I hope this clarifies things,
> Andrew Bartlett
> --
> Andrew Bartlett             
> Authentication Developer, Samba Team
> Samba Developer, Catalyst IT

Good Day,

