Re: [Geany-Devel] using Coverity to audit the code base

2015-02-26 Thread Colomban Wendling
On 26/02/2015 19:18, Colomban Wendling wrote:
> […]
> 
> Quoting Coverity's Scan User Agreement:
> 
> "You will not publish any findings regarding or resulting from use of
> the Service or the Software;"
> 
> IANAL, but this looks like we couldn't discuss an issue it found on e.g.
> this mailing list.

OK, someone gave me the argument "well but it's just to avoid security
vulnerability disclosure", but even if it was true (the UA really isn't
specific on this), as the UA is written I don't think we could *ever*
talk about *anything* we see there.  Not even days after an actual bug
was found, nor ever -- which in addition to being silly disallows
discussion on how not to reproduce it in the future.

> […]
> 
> And this is the Scan User Agreement, I couldn't even find the Scan Terms
> of Use (at least not without trying to actually register myself).

Hum, I tried to register with my GitHub account just to see if I'd get a
link to these mythical Scan Terms of Use during the process, and… I
didn't have to accept *anything*, no nothing, like click and boom
"you're registered".  So apparently now I do have an account there --
but I still can't find these Scan Terms of Use.

Colomban
___
Devel mailing list
Devel@lists.geany.org
https://lists.geany.org/cgi-bin/mailman/listinfo/devel


Re: [Geany-Devel] using Coverity to audit the code base

2015-02-26 Thread Colomban Wendling
Hey,

On 12/02/2015 22:21, Liviu Andronic wrote:
> Dear all,
> Recently I've discovered Coverity, a code checking tool, and went
> ahead and submitted the Geany code for static analysis by this
> service:
> https://scan.coverity.com/projects/1388

Quoting Coverity's Scan User Agreement:

"You will not publish any findings regarding or resulting from use of
the Service or the Software;"

IANAL, but this looks like we couldn't discuss an issue it found on e.g.
this mailing list.  And your report about what it did find in Geany's
code is already a violation of that agreement.

More, just for the fun:

"“Confidential Information” means: […] (d) any results of operation from
use of the Software or the Service;"

"Without limiting the generality of the foregoing, You agree that You
will not post […] the results of the Service […] on any network that is
accessible by anyone."

And this is the Scan User Agreement, I couldn't even find the Scan Terms
of Use (at least not without trying to actually register myself).

So… really?

Regards,
Colomban


PS: Of course one will tell me that "in practice" they won't come after
us for discussing a fix, but if it really is against the UA I'd rather
not try and see what happens.