Hi all,

As Jonatan reminded the ML, we need to provide SoWs if we want to participate in STF-SPI.
We need one for each project (they do not need to list a person ATM), but obviously we do need someone who will do the work. I do believe they do need to list the money amount.

Thanks go to Pierre for helping me write the template/example.
(converted from google docs and with some last minute edits)

@Jonatan, is this below what SPI needs for each project?

STF SOW template

1. One line summary of the proposed work

   Classify and fix outstanding issues identified by Coverity

2. Description of the work

   Coverity is a static code analysis system that is used to analyze FFmpeg code to find bugs with an emphasis on quality and security issues. There are currently 677 outstanding issues identified by Coverity (https://scan.coverity.com/projects/ffmpeg?tab=overview). Some of these issues are false positives while others could open the door to security vulnerabilities. The objective of this work is to identify the Coverity issues that are not false positives, and fix as many as possible.

3. Milestones

   1. Milestone 1
      1. Description
         Review all outstanding Coverity issues and, for each one, determine whether it is a false positive.
      2. Deliverables
         List of both false positive and potentially real issues posted to the FFMPEG dev mailing list.
      3. Compensation
         XXXXX euros

   2. Milestone 2
      1. Description
         Fix 50% of the outstanding real issues
      2. Deliverables
         Patches submitted for review to the FFMPEG dev mailing list.
      3. Compensation
         XXXXX euros

   3. Milestone 3
      1. Description
         Fix 45% of the remaining outstanding real issues. The total number of issues addressed by Milestones 2 and 3 does not total 100% to account for issues that are not practical to fix within the scope of this SOW and are deferred to future work.
      2. Deliverables
         Patches submitted for review to the FFMPEG dev mailing list.
      3. Compensation
         XXXXX euros

4. Developer(s)

   Michael Niedermayer <michael-ffw...@niedermayer.cc>

   I work in Austria, and have been an active contributor to FFmpeg since 2001 – 22308 commits so far.
   My work on FFMPEG is regularly supported by third parties and I am one of the founders of fflabs. I am also familiar with Coverity: I have fixed 563 issues out of 896 Coverity issues fixed in the past (according to gitlog *1). I fixed over 2000 issues found by ossfuzz.

   (*) git shortlog -s -n -i --no-merges --first-parent --grep 'fix.*\(CID\|coverity\)'

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even know they had done so. -- Xenophanes
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".