coverity code checker in Extras

Josh Boyer jwboyer at jdub.homelinux.org
Thu Aug 31 02:43:22 UTC 2006


On Wed, 2006-08-30 at 13:47 -0800, Jeff Spaleta wrote:
> On 8/30/06, Josh Boyer <jwboyer at jdub.homelinux.org> wrote:
> > That puts the onus on the maintainers to go look and doesn't make it
> > required.  And if nobody goes and looks at the results... I guess it's
> > no different than how things exist today in that regard :).
> 
> 
> We will need a metric to see how much it's being used. If Fedora
> resources are going to be used to keep the service running into the
> future (manpower or infrastructure), you want to make sure that it's a
> cost-effective tool in the long run. We want to be in a position in a
> year or so to evaluate whether or not it's worth expending resources
> based on how much value we are actually deriving from this
> information.  To do that we are going to have to have some metric by
> which to track how many maintainers use this, and the quality of the
> usage as it translates into changes in packages. If very few
> maintainers are using the information being collected a year from now,
> then a decision will have to be made as to whether or not the
> resources being expended to keep the scanning operational are worth
> it.

Metric:  Compare # of packages that have coverity bugs opened by their
maintainers vs. number of packages coverity runs on.


> 
> Personally, I'd like some clarity as to whether or not the software
> needed to run this..service.. is going to be housed on Fedora
> controlled infrastructure or not.  Being a zealot, I would be somewhat
> unhappy if proprietary tools, even optional ones, were running on
> Fedora dedicated infrastructure. I'd be more at peace with this if the
> hardware running these scans was on Coverity owned servers and they
> were donating this service to the Fedora project in a way that Fedora
> did not have to directly host or maintain any proprietary software
> internally.  I feel it's very important that we continue to work
> towards a fully open set of internal project tools, that can be
> replicated and adapted by other open source community members, but I
> don't have any problem at all with someone else volunteering to
> provide outside proprietary services which we have no direct
> involvement with other than sending our data over the wire.  That way,
> if people in the open source community want to focus their attention
> and provide a completely open solution in the future, they will have
> equal footing to gain access to the required data to provide a
> similar competing service.  I fear if Fedora infrastructure
> resources are dedicated to running proprietary tools, even optional
> tools, that decision will impact the ability for Fedora to adopt open
> solutions in the same problem space in the future due to
> infrastructure constraints.

*sigh*

Let's not forget that the Core buildsys _is_ proprietary.  Brew has not
been open sourced.

josh




More information about the fedora-extras-list mailing list