OK.

I'll create an RPM.ORG project at scan.coverity.com and import the code to 
assess the level of pain (and there _WILL_ be pain: it took me several weeks of 
mind-numbing clickety poo to get the level of reported positives from the 
coverity firehose down to something that was useful for rpm maintenance.)

clang is okay (try splint sometime ;-). OTOH coverity reuses older analyses to 
improve their product.
 
So even with no new scans, there are sometimes new problems reported. Quirky, 
but the process is at least transparent, unlike fuzzing.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/306#issuecomment-329396076