New Defects reported by Coverity Scan for ntpsec
halmurray at sonic.net
Wed Feb 8 02:23:17 UTC 2023
Matthew.Selsky at twosigma.com said:
>> Should we document that? Where?
> The account creation seems self-explanatory. Or did you want to document
> something else?
I don't know. I was just tossing out a suggestion based on my stumbling.
Yes, it's reasonably obvious, but only after you find the right URL.
> Yes, Coverity is pointing at the GitHub mirror.
I think it knows that it is a mirror.
> I approved your account.
Thanks. I didn't get any you-were-approved mail.
Do I have to explicitly sign up for mail about reports?
> No. We run the Coverity CI job weekly via a schedule, ...
> I'll work on running Coverity post-merge.
I agree that running it every merge is overkill.
A button that says run-now would be nice if we are working on fixing Coverity
Can you poke it by hand?
How does Coverity fit into the release procedure?
Should we schedule releases after a Coverity run?
> Do you need the ability to run Coverity offline on
> your development host before you push?
Not really. I expect this will all get sorted out and slip into the
background before long. "before long" just takes longer if the turn around
time is a week rather than an hour. I'm not in a hurry as long as I know what
to expect. I have plenty of other things to work on.
I got confused by misreading the report that started this thread so I was
thinking that Coverity might generate a lot of reports that we would have to
I'm close to having -Wswitch-enum ready.
These are my opinions. I hate spam.
More information about the devel