New Defects reported by Coverity Scan for ntpsec

Matthew Selsky Matthew.Selsky at
Wed Feb 8 01:32:00 UTC 2023

On Mon, Feb 06, 2023 at 10:51:02PM -0800, Hal Murray via devel wrote:
> > Do you have a coverity account?
> >
> > Then go to "My Dashboard" and "Add project".
> Should we document that?  Where?

The account creation seems self-explanatory. Or did you want to document something else?

> It looks like Coverity is running over on github.

Yes, Coverity is pointing at the GitHub mirror.
> Is our copy-to-github stuff documented?

It's a 1-line checkbox in our GitLab repo.  There's no documentation, per se.

> I'm waiting for somebody to approve me. 

I approved your account.

> >>     Date: Thu, 02 Feb 2023 05:48:37 +0000 (Wed 21:48 PST)
> > It was detected on Feb 5.
> So the turn around is days rather than hours.

No. We run the Coverity CI job weekly via a schedule, not on every commit since I was concerned about abusing the Coverity scanner minutes and other reasons. I think we can re-evaluate that decision since our merge rate is low enough and run Coverity on each commit, but after merging since it relies on a GitLab runner that not everyone may have access to (for reasons that I don't want to go into here).

I'll work on running Coverity post-merge.

Do you need the ability to run Coverity offline on your development host before you push?


More information about the devel mailing list