[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: coverity code checker in Extras



Dan Williams wrote:

I think the easiest solution at the current time is to run the Coverity
scans on one or two parallel machines that harvest successful build
results from the actual Extras buildsystem, and which non-Red Hat people
don't have shell access to.  Furthermore, this ensures that released
Extras packages are fully externally reproducible, since the Coverity
scanner sits between the build scripts and GCC.  The web-based reports
portal would be still be accessible to package maintainers of course.

Like Warren says, then there's no slowdown for the build system, we stay
clear of any difficult contractual or legal issues related to access to
Coverity binaries, and the packages are completely externally
reproducible.

This is an important addition to my previous stated rationale.

In Thursday's Extras and Infrastructure meetings, both committees favor the asynchronous approach run outside of the Fedora Project. This should be a parallel service operated by and within Red Hat on Fedora repositories.

I will talk with Max about this when he returns next Tuesday.

Warren Togami
wtogami redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]