I remember we talked about this before, maybe at the Dublin meeting. There is the option to set up GNUstep on scan.coverity.com to have the code automatically checked for known vulnerabilities. At the time we discussed this, there wasn’t support for Objective-C, but this seems to have been added:

https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/CWE-CC-Objective-C.pdf

What are your opinions on this? In the beginning it will require some extra effort to fix the found weaknesses and to somehow flag the false positives. And who should be in charge of getting the reports? The idea here is that only the person registered for the project will get the report, to prevent 0-day issues becoming public too soon.

Fred