coverity code checker in Extras

Jeff Spaleta jspaleta at gmail.com
Wed Aug 30 21:47:19 UTC 2006


On 8/30/06, Josh Boyer <jwboyer at jdub.homelinux.org> wrote:
> That puts the onus on the maintainers to go look and doesn't make it
> required.  And if nobody goes and looks at the results... I guess it's
> no different than how things exist today in that regard :).


We will need a metric to see how much it's being used. If Fedora
resources are going to be used to keep the service running into the
future (manpower or infrastructure), you want to make sure that it's a
cost-effective tool in the long run. We want to be in a position in a
year or so to evaluate whether or not it's worth expending resources
based on how much value we are actually deriving from this
information.  To do that we are going to have to have some metric by
which to track how many maintainers use this, and the quality of the
usage as it translates into changes in packages. If very few
maintainers are using the information being collected a year from now,
then a decision will have to be made as to whether or not the
resources being expended to keep the scanning operational are worth
it.

Personally, I'd like some clarity as to whether or not the software
needed to run this..service.. is going to be housed on Fedora
controlled infrastructure or not.  Being a zealot, I would be somewhat
unhappy if proprietary tools, even optional ones, were running on
Fedora dedicated infrastructure. I'd be more at peace with this if the
hardware running these scans was on Coverity owned servers and they
were donating this service to the Fedora project in a way that Fedora
did not have to directly host or maintain any proprietary software
internally.  I feel it's very important that we continue to work
towards a fully open set of internal project tools, that can be
replicated and adapted by other open source community members, but I
don't have any problem at all with someone else volunteering to
provide outside proprietary services which we have no direct
involvement with other than sending our data over the wire.  That way,
if people in the open source community want to focus their attention
and provide a completely open solution in the future, they will have
equal footing to gain access to the required data to provide a
similar competing service.  I fear if Fedora infrastructure
resources are dedicated to running proprietary tools, even optional
tools, that decision will impact the ability for Fedora to adopt open
solutions in the same problem space in the future due to
infrastructure constraints.

-jef"Everything has an opportunity cost"spaleta



