Thanks for the explanation. Which of the reports do you consider as false positives and which as real issues? If there are some real issues, are you willing to fix them?
Thank you.

Ondrej

On Sat, Apr 10, 2021 at 12:32 PM Bruno Haible <br...@clisp.org> wrote:

> Hi Ondrej,
>
> > proposing patch for some of the issues found by coverity scan in tar-1.34
>
> Thanks for these reports.
>
> When we get Coverity reports, we fix the things that are valid complaints
> about the code, but we do NOT change the code to reduce the number of reported
> issues. That is because
> 1) Coverity has a UI where you can mark issues as false issues, even with
>    a rationale, and such resolutions are even propagated when the same source
>    file is used in a different project (such as gnulib vs. tar).
> 2) About 80% to 90% of the reported issues are false issues. We would be
>    seriously contorting the source code if we attempted to change the code
>    to avoid the reports.
>
> Bruno