* Paul Wise <p...@debian.org> [2013-07-04 13:20:38 +0800]:
> On Thu, Jul 4, 2013 at 12:48 PM, Kurt Roeckx wrote:
>
> > I guess you could ask, but I have a feeling they would prefer to
> > work with the upstream projects.
>
> I've sent an email to scan-ad...@coverity.com.
>
> > clang also has an option to do that now I think, did someone try
> > to run that on the archive?
>
> Do you know how to run that in an automated way? I would like to add
> it here and to my pbuilder hook:
>
> http://wiki.debian.org/HowToPackageForDebian#Check_points_for_any_package
>
> Debian's efforts on archive-wide scanning have seen better days. There
> is Mole (in qa svn repo), which does some data extraction and other
> things and is currently only used for watch file checking I think.
> There is DACA, which isn't being worked on AFAICT. There is
> debuild.me, which is actively being worked on by paultag and it uses
> the firehose data format, which is a Fedora initiated project about
> machine-readable static/etc analysis results.
>
> http://qa.debian.org/cgi-bin/mole
> http://qa.debian.org/daca/
> http://debuild.me/
> https://github.com/fedora-static-analysis/firehose

There's a GSoC project underway, mentored by Sylvestre Ledru, to run
scan-build on all the archive. Here's the student application:

https://wiki.debian.org/SummerOfCode2013/StudentApplications/LeoCavaille

and a link to the progress reports from Léo:

http://lists.alioth.debian.org/pipermail/soc-coordination/2013-June/001544.html
http://lists.alioth.debian.org/pipermail/soc-coordination/2013-June/001600.html

Things seem to be going smoothly. IIRC Léo and Sylvestre will be at
DebConf too, so it might be a good time to do a BoF (or graft that on a
QA BoF)?

Cheers,
--
Nicolas Dandrimont

BOFH excuse #255:
Standing room only on the bus.