On 03/28/2018 06:18 PM, Wei Liu wrote:
> Cc Lars
>
> On Wed, Mar 28, 2018 at 10:15:36AM -0700, Stefano Stabellini wrote:
>> On Wed, 28 Mar 2018, George Dunlap wrote:
>>> On 03/28/2018 02:49 PM, Wei Liu wrote:
>>>> On Wed, Mar 28, 2018 at 02:33:37PM +0100, Roger Pau Monné wrote:
>>>>> Hello,
>>>>>
>>>>> According to the contribution guidelines document [0] the coverity
>>>>> database of issues is private, which makes it hard for new people to
>>>>> see issues. IMO it makes no sense to keep the result private anymore:
>>>>>
>>>>>  - They have been audited for plenty of time by different people
>>>>>    that currently have access to the database.
>>>>>  - Anyone can reproduce the same results by forking Xen on github and
>>>>>    sending a build to coverity for analysis AFAICT.
>>>>>
>>>>> On the plus side, having the database open would allow us the
>>>>> following:
>>>>>
>>>>>  - Coverity reports could be sent to xen-devel, so anyone could pick
>>>>>    and fix new issues.
>>>>>  - Newcomers could use coverity in order to find small size tasks to
>>>>>    work on.
>>>>>
>>>>
>>>> +1 for making it public.
>>>>
>>>> It used to be the case that people had access manually forward issues to
>>>> newcomers. It was not fun for anyone involved.
>>>>
>>>> The way the current policy is written makes it only theoretically
>>>> possible for newcomers to access the results (note the signed by PGP
>>>> key in a part of the strong set of web of trust), but is more likely to
>>>> be impossible in practice.
>>>
>>> NB that as I understand the term, "strong set" has a meaning generally
>>> the opposite of what you'd expect in this context: that is, trusting the
>>> "strong set", by including everyone that can be transitively included,
>>> is relatively weak from a security point of view.
>>>
>>> For anyone outside of old-school hacking communities (like Debian,
>>> Linux, &c), this is likely to be a significant barrier to entry. On the
>>> other hand, the more communities insist on this sort of thing, the less
>>> of a barrier it will become. :-)
>>>
>>> In any case, I think the barrier is moot at this point, and should be
>>> taken down.
>>
>> I started a thread recently among committers and the agreement was to
>> open up the results. Andrew volunteered but the one time I reminded him
>> to do it on IRC, Coverity was offline. Please go ahead and open up the
>> results now.
>
> Lars, if you don't object I'm going to open up the results. And I will
> leave the task to update the contribution guide webpage to you. :-)

I'd wait at least until EOD Thursday. :-)

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel