On Mon, Aug 26, 2013 at 10:43 AM, Vinod Kumar Vavilapalli <vino...@apache.org> wrote: > > Can you file a JIRA and attach the report there? That is the best way to move > this forward.
Last time I was involved in a Coverity scan was when they scanned another project I'm committer on (FFmpeg). The lesson there was that the value you get out of browsing on their site https://scan.coverity.com is immeasurably higher than from any static report that can be attached to a JIRA. Also, at least in FFmpeg's case, Coverity identified a few things that could've been used as potential exploits so it made perfect sense to have a white-list of project members who could get access to the initial report instead of going all public with it to begin with (which would happen if it just gets attached to a JIRA in its entirety). Just my 2c worth of working with them in the past. Thanks, Roman.
