New Defects reported by Coverity Scan for ntpsec

Hal Murray halmurray at sonic.net
Wed Feb 8 02:23:17 UTC 2023


Thanks.

Matthew.Selsky at twosigma.com said:
>> Should we document that?  Where?
> The account creation seems self-explanatory. Or did you want to document
> something else?

I don't know.  I was just tossing out a suggestion based on my stumbling.

Yes, it's reasonably obvious, but only after you find the right URL.

> Yes, Coverity is pointing at the GitHub mirror.

I think it knows that it is a mirror.

> I approved your account.

Thanks.  I didn't get any you-were-approved mail.

Do I have to explicitly sign up for mail about reports?


> No. We run the Coverity CI job weekly via a schedule, ...
> I'll work on running Coverity post-merge.

I agree that running it every merge is overkill.

A button that says run-now would be nice if we are working on fixing Coverity 
problems.

Can you poke it by hand?

How does Coverity fit into the release procedure?
Should we schedule releases after a Coverity run?


> Do you need the ability to run Coverity offline on
> your development host before you push?

Not really.  I expect this will all get sorted out and slip into the 
background before long.  "before long" just takes longer if the turn around 
time is a week rather than an hour.  I'm not in a hurry as long as I know what 
to expect.  I have plenty of other things to work on.

I got confused by misreading the report that started this thread so I was 
thinking that Coverity might generate a lot of reports that we would have to 
fix.

I'm close to having -Wswitch-enum ready.



-- 
These are my opinions.  I hate spam.





More information about the devel mailing list