Re: Coverity Scan

2014-05-19 Thread Corinna Vinschen
On May 17 21:58, David Stacey wrote:
> On 17/05/14 11:12, Corinna Vinschen wrote:
> >On May 16 21:00, David Stacey wrote:
> >>OK - we're in! You can find our project page at
> >>https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails
> >>to Corinna and CGF inviting them to join the project ;-)
> >I got no such mail.  You didn't try the account I'm using for the
> >mailing list, I hope?  Please use my company address vinschen AT
> >redhat DOT com.
> 
> Apologies - another invitation sent to the correct e-mail address. Further
> apologies if I should have known your correct e-mail address already!
> 
> >I have no idea how this works. I had hoped I'd just get emails with the
> >scan results, the less fancy the solution, the better. We can set this up
> >using gpg encrypted mails, that would be the most elegant solution, IMHO.
> 
> I could probably get Coverity Scan to ping you an e-mail if a new defect is
> introduced. It's probably best if you look at the web page above. Once you
> accept the invitation and log in, you'll see a button to view the defects.
> For each defect, you'll see the defect itself, along with the path that the
> analysis engine took to get there.
> [...]
> >Well, the problem is that we're going to switch to git pretty soon, and
> >that will slightly change the directory layout.  But basically, in the
> >winsup dir, you see the subdirs
> >
> >   cygserver
> >   cygwin
> >   doc
> >   lsaauth
> >   testsuite
> >   utils
> >
> >Of those you can ignore
> >
> >   doc
> >   testsuite
> >
> >The other four would be natural groups, I think.  The toplevel and
> >winsup dirs don't need to be scanned either.
> 
> I've set up components for cygserver, cygwin, utils and newlib. There were
> no defects found in 'lsaauth' (which needs investigation in itself - I'll
> look at this).

A single source file.  Not much code.  There is at least *some*
non-0 probability that the code might be correct... I hope.

> If our directory structure is going to change when we move to
> git then that is OK - I'll remap the components at the point we move.
> However, be aware that reorganising things can confuse Coverity - if you
> sign off any warnings as 'won't fix' then they may reappear if the offending
> code is moved into a different class or file.

That's to be expected.

> >You are aware that we need a copyright assignment from you if you'd like
> >to provide patches, right? Please have a look at the "Before you get
> >started" section of http://cygwin.com/contrib.html
> 
> I'll limit my patches to the trivial kind that are ten lines or less. My
> present employer is amazingly supportive of the open source work that I do
> in my own time, and that boat doesn't need rocking.

Nevertheless, I'd be glad if you try.  This project is in desperate need
of developers getting their hands dirty.

> >In theory, at the time of writing this, I'd suggest to include only cgf,
> >yaakov, and me.
> 
> I've sent an invitation to Yaakov also.

Thanks!  For the time being I already marked a single reported problem
as false positive.  I look into more at some later point.  I'll first
try to get a 1.7.29-3 with a few bugfixes out of the door.


Thanks,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat


pgpGFJkFSBz5p.pgp
Description: PGP signature


Re: Coverity Scan

2014-05-17 Thread David Stacey

On 17/05/14 11:12, Corinna Vinschen wrote:

On May 16 21:00, David Stacey wrote:
OK - we're in! You can find our project page at 
https://scan.coverity.com/projects/2250. Off the list, I've sent 
e-mails to Corinna and CGF inviting them to join the project ;-) 

I got no such mail.  You didn't try the account I'm using for the
mailing list, I hope?  Please use my company address vinschen AT
redhat DOT com.


Apologies - another invitation sent to the correct e-mail address. 
Further apologies if I should have known your correct e-mail address 
already!


I have no idea how this works. I had hoped I'd just get emails with 
the scan results, the less fancy the solution, the better. We can set 
this up using gpg encrypted mails, that would be the most elegant 
solution, IMHO. 


I could probably get Coverity Scan to ping you an e-mail if a new defect 
is introduced. It's probably best if you look at the web page above. 
Once you accept the invitation and log in, you'll see a button to view 
the defects. For each defect, you'll see the defect itself, along with 
the path that the analysis engine took to get there.


For example, consider the case of reading an uninitialised variable. The 
trace would start at the point the variable is declared. You would see 
the path taken through the code (e.g. taking the 'true' path of an 'if' 
statement, or not executing a 'while' loop because the condition was 
never satisfied) until you arrive at a line where the variable is read 
without ever having been initialised. This is more useful than simply 
complaining about reading an uninitialised variable: often these can be 
logic errors, i.e. the coder didn't consider a certain scenario, or 
thought that all paths through the code would initialise the variable at 
some point. As Coverity shows you the path through the code (even 
between functions), you see the hole in the logic.



There is still a little work to do in setting up the Coverity scan. The next
step is to group the code into logical clusters, which Coverity calls
Components. Typically, this is done on directories or other file groupings,
and the tool allows you to concentrate on just one of these components at
once. If you let me know what components you'd like, I'll set them up.

Well, the problem is that we're going to switch to git pretty soon, and
that will slightly change the directory layout.  But basically, in the
winsup dir, you see the subdirs

   cygserver
   cygwin
   doc
   lsaauth
   testsuite
   utils

Of those you can ignore

   doc
   testsuite

The other four would be natural groups, I think.  The toplevel and
winsup dirs don't need to be scanned either.


I've set up components for cygserver, cygwin, utils and newlib. There 
were no defects found in 'lsaauth' (which needs investigation in itself 
- I'll look at this). If our directory structure is going to change when 
we move to git then that is OK - I'll remap the components at the point 
we move. However, be aware that reorganising things can confuse Coverity 
- if you sign off any warnings as 'won't fix' then they may reappear if 
the offending code is moved into a different class or file.


You are aware that we need a copyright assignment from you if you'd 
like to provide patches, right? Please have a look at the "Before you 
get started" section of http://cygwin.com/contrib.html


I'll limit my patches to the trivial kind that are ten lines or less. My 
present employer is amazingly supportive of the open source work that I 
do in my own time, and that boat doesn't need rocking.



In theory, at the time of writing this, I'd suggest to include only cgf,
yaakov, and me.


I've sent an invitation to Yaakov also.

Cheers,

Dave.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: Coverity Scan

2014-05-17 Thread Corinna Vinschen
On May 16 16:03, Jeffrey Altman wrote:
> On 5/16/2014 4:00 PM, David Stacey wrote:
> > OK - we're in! You can find our project page at
> > https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails
> > to Corinna and CGF inviting them to join the project ;-)
> 
> gold star?

Sure.  Thanks David!


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat


pgpJynYDTZAf4.pgp
Description: PGP signature


Re: Coverity Scan

2014-05-17 Thread Corinna Vinschen
Hi David,

On May 16 21:00, David Stacey wrote:
> On 25/04/14 16:53, Christopher Faylor wrote:
> >On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
> >>On Apr 25 06:33, David Stacey wrote:
> >>>  Coverity Scan [1] is a commercial (paid for) static analysis tool, but
> >>>  they offer it to Open Source programmes for free. I was having a browse
> >>>  through the list of Open Source programmes using Coverity Scan, and
> >>>  noticed that Cygwin wasn't listed. Would there be any interest in
> >>>  analysing the cygwin1.dll source code on a fairly regular basis? If so,
> >>>  I would be happy to have a go at setting up an analysis job for Cygwin.
> >>>  I would imagine this would be of interest to CGF, Corinna and anyone
> >>>  else who regularly updates the Cygwin source code. Obviously, this is
> >>>  only worth doing if the analysis results are looked at and acted upon.
> >>Depends.  If the report contains lots of false positives, it's getting
> >>annoying pretty quickly.
> >We use coverity at work.  It is annoying and it does have false positive
> >but a lot of what look like false positives often turn out to be:  "Oh,
> >wait.  (#*(&$  Yeah.  That's a problem."
> >
> >If we could use coverity I'm sure it would be interesting if we can get
> >it.
> 
> OK - we're in! You can find our project page at
> https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails to
> Corinna and CGF inviting them to join the project ;-)

I got no such mail.  You didn't try the account I'm using for the
mailing list, I hope?  Please use my company address vinschen AT
redhat DOT com.

> It would be responsible of us to restrict access to known vulnerabilities,
> so please _don't_ ask for visibility of the scan results. I will leave it to
> CGF and Corinna to decide who we give access to and when.

I have no idea how this works.  I had hoped I'd just get emails with
the scan results, the less fancy the solution, the better.  We can
set this up using gpg encrypted mails, that would be the most elegant
solution, IMHO.

> There is still a little work to do in setting up the Coverity scan. The next
> step is to group the code into logical clusters, which Coverity calls
> Components. Typically, this is done on directories or other file groupings,
> and the tool allows you to concentrate on just one of these components at
> once. If you let me know what components you'd like, I'll set them up.

Well, the problem is that we're going to switch to git pretty soon, and
that will slightly change the directory layout.  But basically, in the
winsup dir, you see the subdirs

  cygserver
  cygwin
  doc
  lsaauth
  testsuite
  utils

Of those you can ignore 

  doc
  testsuite

The other four would be natural groups, I think.  The toplevel and
winsup dirs don't need to be scanned either.

> The Coverity build is being performed on one of my PCs at the moment. I'll
> try to do this at least weekly using a snapshot from the snapshots page.
> I'll also try to submit patches as and when time allows.

You are aware that we need a copyright assignment from you if you'd like
to provide patches, right?  Please have a look at the "Before you get
started" section of http://cygwin.com/contrib.html

> But if this is
> going to work then anyone who regularly contributes to the Cygwin source
> code will have to make use of the tool.

In theory, at the time of writing this, I'd suggest to include only cgf,
yaakov, and me.  Other people could join us on request, if they provide
patches to the Cygwin code base, or provided non-trivial patches in the
past.

> Finally, I'd like to thank Dakshesh Vyas at Coverity for allowing us to join
> the Scan programme.

Yes, that's nice.  I'm thanking him as well.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat


pgpasdGNbx5xl.pgp
Description: PGP signature


Re: Coverity Scan

2014-05-16 Thread Jeffrey Altman
On 5/16/2014 4:00 PM, David Stacey wrote:
> OK - we're in! You can find our project page at
> https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails
> to Corinna and CGF inviting them to join the project ;-)

gold star?




smime.p7s
Description: S/MIME Cryptographic Signature


Re: Coverity Scan

2014-05-16 Thread David Stacey

On 25/04/14 16:53, Christopher Faylor wrote:

On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:

On Apr 25 06:33, David Stacey wrote:

  Coverity Scan [1] is a commercial (paid for) static analysis tool, but
  they offer it to Open Source programmes for free. I was having a browse
  through the list of Open Source programmes using Coverity Scan, and
  noticed that Cygwin wasn't listed. Would there be any interest in
  analysing the cygwin1.dll source code on a fairly regular basis? If so,
  I would be happy to have a go at setting up an analysis job for Cygwin.
  
  I would imagine this would be of interest to CGF, Corinna and anyone

  else who regularly updates the Cygwin source code. Obviously, this is
  only worth doing if the analysis results are looked at and acted upon.

Depends.  If the report contains lots of false positives, it's getting
annoying pretty quickly.

We use coverity at work.  It is annoying and it does have false positive
but a lot of what look like false positives often turn out to be:  "Oh,
wait.  (#*(&$  Yeah.  That's a problem."

If we could use coverity I'm sure it would be interesting if we can get
it.


OK - we're in! You can find our project page at 
https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails 
to Corinna and CGF inviting them to join the project ;-)


It would be responsible of us to restrict access to known 
vulnerabilities, so please _don't_ ask for visibility of the scan 
results. I will leave it to CGF and Corinna to decide who we give access 
to and when.


There is still a little work to do in setting up the Coverity scan. The 
next step is to group the code into logical clusters, which Coverity 
calls Components. Typically, this is done on directories or other file 
groupings, and the tool allows you to concentrate on just one of these 
components at once. If you let me know what components you'd like, I'll 
set them up.


The Coverity build is being performed on one of my PCs at the moment. 
I'll try to do this at least weekly using a snapshot from the snapshots 
page. I'll also try to submit patches as and when time allows. But if 
this is going to work then anyone who regularly contributes to the 
Cygwin source code will have to make use of the tool.


Finally, I'd like to thank Dakshesh Vyas at Coverity for allowing us to 
join the Scan programme.


Cheers,

Dave.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: GIT (was: Coverity Scan)

2014-04-25 Thread Duncan Roe
On Sat, Apr 26, 2014 at 08:42:34AM +0800, JonY wrote:
> On 4/26/2014 07:27, Andrey Repin wrote:
> > This is exactly what makes me dislike it strongly. This, and idiotic model 
> > of
> > copying whole repository to my machine, when I only want to glance at the
> > source code, and find the culprit of my current issues.
> > I've spent 3 hours downloading a 200Mb repo of a project, where the 
> > Subversion
> > client pulled 4 or 5Mb HEAD of it in like 10 minutes, once I realized what 
> > an
> > idiotic weight I pulled and went to google to see if it can be done better.
> > And "fine control" doesn't mix with "project consistency" at all.
> > Subversion is aimed at versioning of a whole project, in a supposedly
> > consistent state at each version. What can be more "fine" than this, is 
> > beyond
> > my understanding.
>
> git clone --depth 1 if you don't care about history.
>
> > You can still commit separate files from working copy, though, but this
> > practice is discouraged for the greater good of the project you develop.
> >
>
> Don't you need to git add individual files to mark for commit? Won't you
> get into the same problems if you forgot to commit files in SVN?
>
>
>
"git commit -a" commits modified files without the need to add them first.
You always have to add new files.

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: GIT (was: Coverity Scan)

2014-04-25 Thread JonY
On 4/26/2014 07:27, Andrey Repin wrote:
> This is exactly what makes me dislike it strongly. This, and idiotic model of
> copying whole repository to my machine, when I only want to glance at the
> source code, and find the culprit of my current issues.
> I've spent 3 hours downloading a 200Mb repo of a project, where the Subversion
> client pulled 4 or 5Mb HEAD of it in like 10 minutes, once I realized what an
> idiotic weight I pulled and went to google to see if it can be done better.
> And "fine control" doesn't mix with "project consistency" at all.
> Subversion is aimed at versioning of a whole project, in a supposedly
> consistent state at each version. What can be more "fine" than this, is beyond
> my understanding.

git clone --depth 1 if you don't care about history.

> You can still commit separate files from working copy, though, but this
> practice is discouraged for the greater good of the project you develop.
> 

Don't you need to git add individual files to mark for commit? Won't you
get into the same problems if you forgot to commit files in SVN?





signature.asc
Description: OpenPGP digital signature


Re: GIT (was: Coverity Scan)

2014-04-25 Thread Andrey Repin
Greetings, Jim Garrison!

>> -Original Message-
>> Corinna Vinschen
>> Sent: Friday, April 25, 2014 6:33 AM
>> > >>  There have been a few hints on this list about a possible move
>> > >> from CVS  to git. If such a move were on the cards then that should
>> > >> probably  happen first - I wouldn't want the nugatory effort of
>> > >> getting this  working from CVS only to have to change it almost
>> immediately.
>> > >Yeah, I'm n ot exactly looking forward to it since I'm very familiar
>> > >with CVS or SVN, but have nothing but trouble with git.  But since
>> > >everybody else is so very happy with git, I guess I'll have to adapt.
>> > >Teeth-gnashingly.

> I recently went through the same reluctant switch to Git from SVN.

> I can tell you from personal experience that there's a period of
> disorientation when even the simplest tasks require a quick trip to Google.
> And Git requires a major shift in your mental model of how things work.
> Instead of 2 places where stuff is (local and remote) there are now 4
> (workspace, stage, local repo, remote repo).

> HOWEVER... once you get over the learning hump you see that Git is MUCH
> better and allows much finer control over what's happening.

This is exactly what makes me dislike it strongly. This, and idiotic model of
copying whole repository to my machine, when I only want to glance at the
source code, and find the culprit of my current issues.
I've spent 3 hours downloading a 200Mb repo of a project, where the Subversion
client pulled 4 or 5Mb HEAD of it in like 10 minutes, once I realized what an
idiotic weight I pulled and went to google to see if it can be done better.
And "fine control" doesn't mix with "project consistency" at all.
Subversion is aimed at versioning of a whole project, in a supposedly
consistent state at each version. What can be more "fine" than this, is beyond
my understanding.
You can still commit separate files from working copy, though, but this
practice is discouraged for the greater good of the project you develop.

> Plus, the online documentation is very good, and questions have been asked
> enough times that Google serves up good answers to just about any question.
> If you have Cygwin/X installed, the "git gui" and "gitk" tools will make the
> transition easier.

> I started learning Git in earnest back in December, and really started
> "thinking in Git" soon after.  Now, if I had to go back I would be
> disappointed.  


--
WBR,
Andrey Repin (anrdae...@yandex.ru) 26.04.2014, <03:19>

Sorry for my terrible english...


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: GIT (was: Coverity Scan)

2014-04-25 Thread Reini Urban
On Fri, Apr 25, 2014 at 11:22 AM, Corinna Vinschen wrote:
> On Apr 25 15:24, Jim Garrison wrote:
>> > Corinna Vinschen
>> > > >Yeah, I'm n ot exactly looking forward to it since I'm very familiar
>> > > >with CVS or SVN, but have nothing but trouble with git.  But since
>> > > >everybody else is so very happy with git, I guess I'll have to adapt.
>> > > >Teeth-gnashingly.
>>
>> I recently went through the same reluctant switch to Git from SVN.
>>
>> I can tell you from personal experience that there's a period of 
>> disorientation when even the simplest tasks require a quick trip to Google.  
>> And Git requires a major shift in your mental model of how things work. 
>> Instead of 2 places where stuff is (local and remote) there are now 4 
>> (workspace, stage, local repo, remote repo).
...
> Yeah, I'm trying to get a grip via "the book" http://git-scm.com/book/

Only experience helps.
I needed about a year to not loose too much changes after the switch
from svn to git, but feeling very happy now.
It helps having backups for the beginning if you try out rebase or
reset --hard or
git pull --force.

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: Coverity Scan

2014-04-25 Thread David Arnstein
On Fri, Apr 25, 2014 at 11:53:24AM -0400, Christopher Faylor wrote:
> We use coverity at work.  It is annoying and it does have false positive
> but a lot of what look like false positives often turn out to be:  "Oh,
> wait.  (#*(&$  Yeah.  That's a problem."

I use Coverity as well, and I find it to be excellent. The latest version
finds copy and paste errors. In particular, it recently issued two
complaints about such errors. In both cases, Coverity was correct, a
developer really had done copy-and-paste twice, introducing an error
each time.

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: GIT (was: Coverity Scan)

2014-04-25 Thread Corinna Vinschen
On Apr 25 15:24, Jim Garrison wrote:
> > Corinna Vinschen
> > > >Yeah, I'm n ot exactly looking forward to it since I'm very familiar
> > > >with CVS or SVN, but have nothing but trouble with git.  But since
> > > >everybody else is so very happy with git, I guess I'll have to adapt.
> > > >Teeth-gnashingly.
> 
> I recently went through the same reluctant switch to Git from SVN.
> 
> I can tell you from personal experience that there's a period of 
> disorientation when even the simplest tasks require a quick trip to Google.  
> And Git requires a major shift in your mental model of how things work. 
> Instead of 2 places where stuff is (local and remote) there are now 4 
> (workspace, stage, local repo, remote repo).
> 
> HOWEVER... once you get over the learning hump you see that Git is MUCH 
> better and allows much finer control over what's happening.  Plus, the online 
> documentation is very good, and questions have been asked enough times that 
> Google serves up good answers to just about any question.  If you have 
> Cygwin/X installed, the "git gui" and "gitk" tools will make the transition 
> easier.
> 
> I started learning Git in earnest back in December, and really started 
> "thinking in Git" soon after.  Now, if I had to go back I would be 
> disappointed.

Yeah, I'm trying to get a grip via "the book" http://git-scm.com/book/


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat


pgpewnqxvBmUk.pgp
Description: PGP signature


Re: Coverity Scan

2014-04-25 Thread Christopher Faylor
On Fri, Apr 25, 2014 at 02:17:19PM +0200, Corinna Vinschen wrote:
>On Apr 25 11:10, Jan Nijtmans wrote:
>> 2014-04-25 10:35 GMT+02:00 Corinna Vinschen:
>> > Yeah, I'm n ot exactly looking forward to it since I'm very familiar
>> > with CVS or SVN, but have nothing but trouble with git.  But since
>> > everybody else is so very happy with git, I guess I'll have to adapt.
>> > Teeth-gnashingly.
>> 
>> There are other alternatives than SVN and Git, you could try
>> Fossil: 
>> 
>> Jari Aalto made fossil version 1.28 available recently as
>> Cygwin/Cygwin64 package, which works fine. (Previous
>> builds had issues due to SQLite build problems, but those
>> are all fixed in this build). Highly recommended,
>> especially if you hate GIT (you are not the only one, really!),
>> I am using it extensively.
>
>Looks nice, but I'm not so sure there should run YA sccs on sourceware.

Right.

cgf

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: Coverity Scan

2014-04-25 Thread Christopher Faylor
On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
>On Apr 25 06:33, David Stacey wrote:
>> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
>> they offer it to Open Source programmes for free. I was having a browse
>> through the list of Open Source programmes using Coverity Scan, and
>> noticed that Cygwin wasn't listed. Would there be any interest in
>> analysing the cygwin1.dll source code on a fairly regular basis? If so,
>> I would be happy to have a go at setting up an analysis job for Cygwin.
>> 
>> I would imagine this would be of interest to CGF, Corinna and anyone
>> else who regularly updates the Cygwin source code. Obviously, this is
>> only worth doing if the analysis results are looked at and acted upon.
>
>Depends.  If the report contains lots of false positives, it's getting
>annoying pretty quickly.

We use coverity at work.  It is annoying and it does have false positive
but a lot of what look like false positives often turn out to be:  "Oh,
wait.  (#*(&$  Yeah.  That's a problem."

If we could use coverity I'm sure it would be interesting if we can get
it.

cgf

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



GIT (was: Coverity Scan)

2014-04-25 Thread Jim Garrison
> -Original Message-
> Corinna Vinschen
> Sent: Friday, April 25, 2014 6:33 AM
> > >>  There have been a few hints on this list about a possible move
> > >> from CVS  to git. If such a move were on the cards then that should
> > >> probably  happen first - I wouldn't want the nugatory effort of
> > >> getting this  working from CVS only to have to change it almost
> immediately.
> > >Yeah, I'm n ot exactly looking forward to it since I'm very familiar
> > >with CVS or SVN, but have nothing but trouble with git.  But since
> > >everybody else is so very happy with git, I guess I'll have to adapt.
> > >Teeth-gnashingly.

I recently went through the same reluctant switch to Git from SVN.

I can tell you from personal experience that there's a period of disorientation 
when even the simplest tasks require a quick trip to Google.  And Git requires 
a major shift in your mental model of how things work. Instead of 2 places 
where stuff is (local and remote) there are now 4 (workspace, stage, local 
repo, remote repo).

HOWEVER... once you get over the learning hump you see that Git is MUCH better 
and allows much finer control over what's happening.  Plus, the online 
documentation is very good, and questions have been asked enough times that 
Google serves up good answers to just about any question.  If you have Cygwin/X 
installed, the "git gui" and "gitk" tools will make the transition easier.

I started learning Git in earnest back in December, and really started 
"thinking in Git" soon after.  Now, if I had to go back I would be disappointed.


Re: Coverity Scan

2014-04-25 Thread Corinna Vinschen
On Apr 25 13:19, David Stacey wrote:
> On 25/04/14 09:35, Corinna Vinschen wrote:
> >>  There are some conditions associated with using Coverity Scan [2]. The
> >>  one thing that jumps out is that our relationship with RedHat might be
> >>  a stumbling block. We can but ask - the worst that can happen is that
> >>  they politely decline.
> >They will.  #7 won't fly due to the buyout license clause.
> 
> Would you like me to enquire anyway?

Well, asking never hurts :)

> >>  There have been a few hints on this list about a possible move from CVS
> >>  to git. If such a move were on the cards then that should probably
> >>  happen first - I wouldn't want the nugatory effort of getting this
> >>  working from CVS only to have to change it almost immediately.
> >Yeah, I'm n ot exactly looking forward to it since I'm very familiar
> >with CVS or SVN, but have nothing but trouble with git.  But since
> >everybody else is so very happy with git, I guess I'll have to adapt.
> >Teeth-gnashingly.
> 
> It might help ease your pain knowing that you can use github with a
> svn client (to a limited extent):
> https://help.github.com/articles/support-for-subversion-clients

Neat.  But I fear it's time to get used to the idea.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat


pgpn6jZeetg14.pgp
Description: PGP signature


Re: Coverity Scan

2014-04-25 Thread David Stacey

On 25/04/14 09:35, Corinna Vinschen wrote:

  There are some conditions associated with using Coverity Scan [2]. The
  one thing that jumps out is that our relationship with RedHat might be
  a stumbling block. We can but ask - the worst that can happen is that
  they politely decline.

They will.  #7 won't fly due to the buyout license clause.


Would you like me to enquire anyway?




  There have been a few hints on this list about a possible move from CVS
  to git. If such a move were on the cards then that should probably
  happen first - I wouldn't want the nugatory effort of getting this
  working from CVS only to have to change it almost immediately.

Yeah, I'm n ot exactly looking forward to it since I'm very familiar
with CVS or SVN, but have nothing but trouble with git.  But since
everybody else is so very happy with git, I guess I'll have to adapt.
Teeth-gnashingly.


It might help ease your pain knowing that you can use github with a svn 
client (to a limited extent):

https://help.github.com/articles/support-for-subversion-clients

Dave.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: Coverity Scan

2014-04-25 Thread Corinna Vinschen
On Apr 25 11:10, Jan Nijtmans wrote:
> 2014-04-25 10:35 GMT+02:00 Corinna Vinschen:
> > Yeah, I'm n ot exactly looking forward to it since I'm very familiar
> > with CVS or SVN, but have nothing but trouble with git.  But since
> > everybody else is so very happy with git, I guess I'll have to adapt.
> > Teeth-gnashingly.
> 
> There are other alternatives than SVN and Git, you could try
> Fossil: 
> 
> Jari Aalto made fossil version 1.28 available recently as
> Cygwin/Cygwin64 package, which works fine. (Previous
> builds had issues due to SQLite build problems, but those
> are all fixed in this build). Highly recommended,
> especially if you hate GIT (you are not the only one, really!),
> I am using it extensively.

Looks nice, but I'm not so sure there should run YA sccs on sourceware.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat


pgpx3UAlrkJ9e.pgp
Description: PGP signature


Fwd: Coverity Scan

2014-04-25 Thread Jan Nijtmans
2014-04-25 10:35 GMT+02:00 Corinna Vinschen:
> Yeah, I'm n ot exactly looking forward to it since I'm very familiar
> with CVS or SVN, but have nothing but trouble with git.  But since
> everybody else is so very happy with git, I guess I'll have to adapt.
> Teeth-gnashingly.

There are other alternatives than SVN and Git, you could try
Fossil: 

Jari Aalto made fossil version 1.28 available recently as
Cygwin/Cygwin64 package, which works fine. (Previous
builds had issues due to SQLite build problems, but those
are all fixed in this build). Highly recommended,
especially if you hate GIT (you are not the only one, really!),
I am using it extensively.

Regards,
Jan Nijtmans

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: Coverity Scan

2014-04-25 Thread Corinna Vinschen
On Apr 25 06:33, David Stacey wrote:
> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
> they offer it to Open Source programmes for free. I was having a browse
> through the list of Open Source programmes using Coverity Scan, and
> noticed that Cygwin wasn't listed. Would there be any interest in
> analysing the cygwin1.dll source code on a fairly regular basis? If so,
> I would be happy to have a go at setting up an analysis job for Cygwin.
> 
> I would imagine this would be of interest to CGF, Corinna and anyone
> else who regularly updates the Cygwin source code. Obviously, this is
> only worth doing if the analysis results are looked at and acted upon.

Depends.  If the report contains lots of false positives, it's getting
annoying pretty quickly.

> There are some conditions associated with using Coverity Scan [2]. The
> one thing that jumps out is that our relationship with RedHat might be
> a stumbling block. We can but ask - the worst that can happen is that
> they politely decline.

They will.  #7 won't fly due to the buyout license clause.

> There have been a few hints on this list about a possible move from CVS
> to git. If such a move were on the cards then that should probably
> happen first - I wouldn't want the nugatory effort of getting this
> working from CVS only to have to change it almost immediately.

Yeah, I'm n ot exactly looking forward to it since I'm very familiar
with CVS or SVN, but have nothing but trouble with git.  But since
everybody else is so very happy with git, I guess I'll have to adapt.
Teeth-gnashingly.


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat


pgpS_ZNDpqiMD.pgp
Description: PGP signature


Coverity Scan

2014-04-24 Thread David Stacey

Coverity Scan [1] is a commercial (paid for) static analysis tool, but
they offer it to Open Source programmes for free. I was having a browse
through the list of Open Source programmes using Coverity Scan, and
noticed that Cygwin wasn't listed. Would there be any interest in
analysing the cygwin1.dll source code on a fairly regular basis? If so,
I would be happy to have a go at setting up an analysis job for Cygwin.

I would imagine this would be of interest to CGF, Corinna and anyone
else who regularly updates the Cygwin source code. Obviously, this is
only worth doing if the analysis results are looked at and acted upon.

There are some conditions associated with using Coverity Scan [2]. The
one thing that jumps out is that our relationship with RedHat might be
a stumbling block. We can but ask - the worst that can happen is that
they politely decline.

There have been a few hints on this list about a possible move from CVS
to git. If such a move were on the cards then that should probably
happen first - I wouldn't want the nugatory effort of getting this
working from CVS only to have to change it almost immediately.

Any thoughts?

Dave.

[1] - https://scan.coverity.com/
[2] - https://scan.coverity.com/faq#how-get-project-included-in-scan


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple