How Samba monitors Coverity Scan report

Nasif Imtiaz simtiaz at ncsu.edu
Fri Apr 26 14:33:07 UTC 2019


Hi Andrew,

Thanks a lot for the quick response. I am a PhD student at NC State
University and as a part of my research project I am looking at how
developers respond to static analysis tool alerts (how many alerts they
find useful, how long it takes to fix them).

It will be greatly helpful for me if any of you participate in a short
survey <https://ncsu.qualtrics.com/jfe/form/SV_dakHeRNGBoWq9r7> on how your
team monitors Coverity Scan report. The survey should not take more than
five minutes at maximum.

Thanks a lot,
Nasif

On Fri, Apr 26, 2019 at 1:51 AM Andrew Bartlett <abartlet at samba.org> wrote:

> On Thu, 2019-04-25 at 23:30 -0400, Nasif Imtiaz via samba-technical
> wrote:
> > Hi,
> >
> > I see Samba is registered on Coverity Scan
> > <https://scan.coverity.com/projects/samba?tab=project_settings> for
> > regular analysis. I am assuming only the master branch is analysed here
> > (Is that correct?)
>
> Well every release branch was at one point master, and almost all
> patches added to a release branch are first applied to master, so I
> don't think the difference is significant.
>
> > Also, are there any developers from Samba team who regularly monitor
> > Coverity reports? What is Samba team's policy on this?
>
> Yes, we regularly monitor the reports and act on them.
>
> You can see these being fixed by the CID numbers in the patches in
> master.
>
> I hope this clarifies things,
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba

-- 
Good Day,

Nasif

