On Friday 06 June 2008 05:45:06 am Brendan Burns wrote:
> I will be setting up an account for myself as the primary contact for
> I have two questions:
> a) Does anyone else want a login?
Sure. Give them sfeam as a user name, since that's my SourceForge ID.
> b) What version of gnuplot do we want Coverity to scan? The latest
> stable release? The latest development release? The source repository?
There is no such thing as "latest development release", but I could
run off an installable snapshot of the CVS source tree if that's what
they prefer to work from.
Thanks for taking the lead on this.
> On May 20, 2008, at 5:07 PM, Ethan Merritt wrote:
> > There's a press release from Coverity today:
> > http://lwn.net/Articles/283179/
> > saying that they are releasing
> > "2 years of analysis of more than 55 million lines of code on a
> > recurring
> > basis from over 250 popular open source projects with Coverity
> > PreventT, the
> > industry-leading static source code analysis solution."
> > You may or may not recall that Coverity is a commercial outfit
> > that started life as the "Stanford Checker". As I understand it, it
> > uses
> > a highly-modified C compiler to examine the code and report flawed
> > code
> > paths, failures of initialization, and so on. Anyhow, the point is
> > that
> > gnuplot is one of the 250 code bases that they analyzed. The press
> > release
> > says that
> > "Source code analysis from the Scan site is freely available
> > to qualified open source projects at: http://scan.coverity.com"
> > A quick look at that site doesn't make it obvious what one actually
> > gets as part of the analysis, but I suppose it is worth pursuing.
> > That's a lot of high-powered bug-checking already done for us.
> > But I wonder what version of the code they checked?
> > The site does say that if you work with them to reduce the number
> > of bugs, they will re-run the analysis on a current source tree.
> > Anyone interested in contacting them?
> > --
> > Ethan A Merritt
> Hey Folks,
> I contacted Ethan off list and told him I would be interested in
> following up with Coverity.
> After a couple of weeks, I finally got the following response:
> > We already did an analysis of gnuplot some time ago, and I can put
> > that
> > online quite quickly as soon as the new server is ready, but we'll
> > want
> > to give you an updated build as well.
> > Send me a list of developers who want a login to the database, and
> > I'll
> > get their accounts set up as soon as it's online. If there's a
> > particular person who wants to be the primary contact for us, please
> > let
> > me know who that is as well.
> > Thank You.