On Sun, Mar 05, 2006 at 09:35:11PM -0800, Ben Chelf wrote:
> Hello Linux Developers,

Hi Ben,

> I'm the CTO of Coverity, Inc., a company that does static source code
> analysis to look for defects in code. You may have heard of us or of our
> technology from its days at Stanford (the "Stanford Checker"). The
> reason I'm writing is because we have set up a framework internally to
> continually scan open source projects and provide the results of our
> analysis back to the developers of those projects. Linux is one of the
> 32 projects currently scanned at:
>
> http://scan.coverity.com
>...
> Right now, we're guarding access to the actual defects that we report
> for a couple of reasons: (1) We think that you, as developers of Linux,
> should have the chance to look at the defects we find to patch them
> before random other folks get to see what we found and (2) From a
> support perspective, we want to make sure that we have the appropriate
> time to engage with those who want to use the results to fix the code.
> Because of this second point, I'd ask that if you are interested in
> really digging into the results a bit further for your project, please
> have a couple of core maintainers (or group nominated individuals) reach
> out to me to request access. As this is a new process for us and still
> involves a small number of packages, I want to make sure that I
> personally can be involved with the activity that is generated from this
> effort.
>...

It seems there is some internal communication problem inside your
company:

This is far from being a "new process", you already offered this for
some time at http://linuxbugsdb.coverity.com/ (with the exception that
you stopped updating the results half a year ago).

If you as the CTO didn't know about this it is giving a very bad
impression of your company.

Some questions regarding this move:
- can you migrate the accounts from linuxbugsdb.coverity.com?
- are the comments Linux kernel developers like me did at
  linuxbugsdb.coverity.com migrated to scan.coverity.com or was this
  wasted work?

Another thing you could give a small clarification about:

Your email sounds as if your offer was like a charity offer from
Coverity, Inc.

OTOH, I remember press rumors of Coverity, Inc getting 297 000 Dollar
for this from the Department of Homeland Security.

I'm sure you are not silently omitting that you are getting public
funding for what you are offering, but an official statement would be
nice.

> -ben

cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed