Rob Clark <[EMAIL PROTECTED]> wrote:

> I'm glad this is a popular thread.
>
> > Alan Coopersmith wrote:
> > When I asked the Coverity guys at OSCON last week, they said that it
> > probably wouldn't be free for us, since they're in the business of selling
> > this service, and generally won't be offering free service to projects that
> > are mainly driven by a single company which they make money off of, and
> > should thus be able to afford a commercial license.
>
> Could we offer them a free copy of the source, maybe 90% of the profit ... :)
As I mentioned, it seems that the rules currently are whether the "customer" could probably buy the software. This is not true for privately run OSS projects, but Sun could buy.

> > Kyle wrote:
> > I don't know for sure, but Coverity's competitor KlocWork
> > (www.klocwork.com) probably also does Opensource scans, and might be
> > willing to scan a project that Coverity had rejected. Personally I
> > prefer KlocWork, but really any static analysis is better than none.
>
> TWO (or three) heads are better than one (unless it's on my body or I turn
> into a Hydra). Did someone check?
> Any (quality) scanner that uses someone else's CPU to scan OpenSolaris and
> provides a neat interface that a small group of people can use to submit
> cleaned up reports to http://defect.opensolaris.org/ is better than not
> knowing.

It depends on what happens with such entries, see below.

> > James Carlson wrote:
> > On the plus side, there are nuggets of gold buried in the voluminous
> > reports generated. The question is whether you want to invest your
> > time and money into eyeballing those (and teaching all developers how
> > to cope with slow run times and complicated output), or put more
> > effort into traditional design and code reviews.
>
> We don't need to give "all" developers access. Ask for volunteers and then a
> few of the core Sun OpenSolaris developers can pick a half dozen people and
> assign them to that group.

This would not work the way the "write" access to the source is currently implemented.

> As for the "run times" it does not run on _our_ computers is my understanding.

It partially does run on your computer, as the frontend that uses the local compiler does.

> > Jörg wrote:
> > If you like to scan Solaris ON and work on the results, this would take
> > probably one man year.
>
> With a half dozen volunteers it might take one quarter the time.
> We might get a few dozen people interested.
There is a problem with doing it this way at all, as you need to know the code in order to decide whether there is a false positive or a real problem and how to correctly fix it.

There is also a problem with the way code reviews and rights to integrate are handled in Solaris. There have been putbacks from me that contained code written in 2-3 weeks, but the code review and integration process took more than half a year. If you try to estimate the total time including putback, this could be a long time even if many people work on it.

Jörg

--
EMail: [EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin
[EMAIL PROTECTED] (uni)
[EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily

_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
