On Mon, 2016-01-04 at 16:47 +0000, Ian Jackson wrote:
> Ian Campbell writes ("[PATCH OSSTEST] Add a weekly coverity flight"):
> > Move collectversions into Osstest::BuildSupport rather than
> > duplicating with ts-xen-build (nothing else is really duplicated)
>
> This could profitably be split into a separate patch IMO.
>
> > For the cr-* integration we treat branch=coverity as a special case of
> > tree=xen. I didn't think tree=coverity made much sense, and would
> > probably reach tendrils into lots of other places (such as the
> > invocations of check_tested).
> >
> > TODO: How to pick $c{CoverityEmail}, needs to be a real email which is
> > in coverity project (which secur...@xen.org used here is not)
>
> I don't have an answer to this but perhaps osstest-admin@xenproject ?
> Or will it get lots of annoying output ? (We could filter it to make
> it go to osstest-output I guess...)
It's not lots of output, but it will contain potential security
vulnerabilities.
In principal it should only contain newly introduced vulnerabilities, which
we would obviously fix before releasing, but:
a) We might not notice but someone more nefarious might
b) Some kinds of changes can cause previously discovered (but not fixed)
issues to be re-reported
> > +CoverityEmail secur...@xen.org
> > +CoverityTools cov-analysis-linux64-7.7.0.4.tar.gz
>
> This file needs a DEPLOYMENT NOTE I think.
Yes.
>
> The rest of this looks OK. A review from Andrew Cooper might be
> worthwhile ?
>
> Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
