upcoming release 0.9.1. please push work, and answer go/nogo

Dan Poirot dtpoirot at gmail.com
Wed Jan 20 07:33:44 UTC 2016


Coverity sales engineer here. I use my local Coverity install.

I have also had Defensics fuzzing the service in 'continuous' mode for a few
days. I see timeouts using heavily loaded networks but haven't SEGFAULTed
the daemon in a long, long time.


Eric, have you used the NESTED_INDENT_MISMATCH checker before? Very cool and
very low false positves.

The guy who ran SCAN (and grew it from ~200 FOSS projects to over 6600
projects!) is no longer with the company. We have assigned the role to our
most senior PostgreSQL expert. He has become distracted by making some
changes and updates...


I would like to set us up with a Coverity 8.0 install but need a 64-bit
Linux to do the job.

- dan


-----Original Message-----
From: Eric S. Raymond [mailto:esr at thyrsus.com] 
Sent: Tuesday, January 19, 2016 11:28 PM
To: Hal Murray
Cc: Daniel Poirot; devel at ntpsec.org
Subject: Re: upcoming release 0.9.1. please push work, and answer go/nogo

Hal Murray <hmurray at megapathdsl.net>:
> 
> esr at thyrsus.com said:
> > I don't consider this an 0.9.1 release blocker, because the code has 
> > been pretty stable since the last successful scan.  But it will be a 
> > significant issue when I start merging in replay changes.
> 
> We can discuss whether it should be a blocker, but it just caught a 
> bug I introduced when I fixed a bug in some error handling.

Urgh. You can still run scans?  I can't.  I think my cov tools are obsolete
since the gcc 5 changeover when I upgraded to Ubuntu 15.10 on
2 Jan, but I haven't been able to find a link to download replacements.

How are you doing your scans?

> I think we should add something like "run all the checker tools" to 
> the get-ready list.

As a general thing I agree.  This is explicit in GPSD's release checklist.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>



More information about the devel mailing list