Ok, so in the meantime I used 2.0 for a little bit more and (got so frustrated with silly crashes that I) pulled out valgrind. Amazingly there were cases where it didn't crash when running under valgrind, that would immediatley crash otherwise.
So I'm volunteering myself to work with these scanning companies if they accept (in fact I've already sent them proposals). I'm haven't done C++ in years (mostly using python and java), but I think this will be a worthwhile way to improve the stability of cinelerra. What I need from the core maintainers is help and advice. I already recieved a response from klockwork. They want to know if I'm a maintainer, since I'm not, but am willing to shoulder these tasks, I'll need some sponsership from a maintainer. Also will need advice regarding what to scan, etc (ie, I think we should scan a pre 2.1 merge, because the stability of the merged version could still be in question....). Anyway I need to respond to the klockwork guys. So are maintainers willing to work with me and accept patches based on scanning tools? thanks -matt ps. Here's the klockwork response. Hi Matt, Yes, we can build your code and analyze it for defects and security vulnerabilities. The offer we have for open source communities is that we will analyze your code on a periodic basis as long as Cinelerra is getting value from the results. The only thing we ask in return is that if any reported bugs make it into your fix process, you provide credit to Klocwork. We hope you see that as a fair deal!! Are you a core maintainer? We want to ensure that core maintainers are involved in any analysis since, as you can imagine, there's thousands of contributors to open source and we wouldn't have the resources to respond to all their individual requests. I look forward to hearing from you. Cheers, Adam Harrison [EMAIL PROTECTED] _______________________________________________ Cinelerra mailing list Cinelerra@skolelinux.no https://init.linpro.no/mailman/skolelinux.no/listinfo/cinelerra
