New Defects reported by Coverity Scan for ntpsec

Hal Murray halmurray at
Wed Feb 8 02:23:17 UTC 2023


Matthew.Selsky at said:
>> Should we document that?  Where?
> The account creation seems self-explanatory. Or did you want to document
> something else?

I don't know.  I was just tossing out a suggestion based on my stumbling.

Yes, it's reasonably obvious, but only after you find the right URL.

> Yes, Coverity is pointing at the GitHub mirror.

I think it knows that it is a mirror.

> I approved your account.

Thanks.  I didn't get any you-were-approved mail.

Do I have to explicitly sign up for mail about reports?

> No. We run the Coverity CI job weekly via a schedule, ...
> I'll work on running Coverity post-merge.

I agree that running it every merge is overkill.

A button that says run-now would be nice if we are working on fixing Coverity 

Can you poke it by hand?

How does Coverity fit into the release procedure?
Should we schedule releases after a Coverity run?

> Do you need the ability to run Coverity offline on
> your development host before you push?

Not really.  I expect this will all get sorted out and slip into the 
background before long.  "before long" just takes longer if the turn around 
time is a week rather than an hour.  I'm not in a hurry as long as I know what 
to expect.  I have plenty of other things to work on.

I got confused by misreading the report that started this thread so I was 
thinking that Coverity might generate a lot of reports that we would have to 

I'm close to having -Wswitch-enum ready.

These are my opinions.  I hate spam.

More information about the devel mailing list