Date: Mon, 6 Mar 2006 11:27:29 +0100
From: Adrian Bunk
To: Ben Chelf
Cc: linux-kernel@vger.kernel.org
Subject: Re: Coverity Open Source Defect Scan of Linux
Message-ID: <20060306102729.GD3974@stusta.de>
References: <440BCA0F.50501@coverity.com>
In-Reply-To: <440BCA0F.50501@coverity.com>

On Sun, Mar 05, 2006 at 09:35:11PM -0800, Ben Chelf wrote:
> Hello Linux Developers,

Hi Ben,

> I'm the CTO of Coverity, Inc., a company that does static source code
> analysis to look for defects in code. You may have heard of us or of our
> technology from its days at Stanford (the "Stanford Checker"). The
> reason I'm writing is because we have set up a framework internally to
> continually scan open source projects and provide the results of our
> analysis back to the developers of those projects. Linux is one of the
> 32 projects currently scanned at:
>
> http://scan.coverity.com
>...
> Right now, we're guarding access to the actual defects that we report
> for a couple of reasons: (1) We think that you, as developers of Linux,
> should have the chance to look at the defects we find to patch them
> before random other folks get to see what we found and (2) From a
> support perspective, we want to make sure that we have the appropriate
> time to engage with those who want to use the results to fix the code.
> Because of this second point, I'd ask that if you are interested in
> really digging into the results a bit further for your project, please
> have a couple of core maintainers (or group nominated individuals) reach
> out to me to request access. As this is a new process for us and still
> involves a small number of packages, I want to make sure that I
> personally can be involved with the activity that is generated from this
> effort.
>...

It seems there is some internal communication problem inside your
company:

This is far from being a "new process", you already offered this for
some time at http://linuxbugsdb.coverity.com/ (with the exception that
you stopped updating the results half a year ago).

If you as the CTO didn't know about this it is giving a very bad
impression of your company.

Some questions regarding this move:
- can you migrate the accounts from linuxbugsdb.coverity.com?
- are the comments Linux kernel developers like me did at
  linuxbugsdb.coverity.com migrated to scan.coverity.com or was this
  wasted work?

Another thing you could give a small clarification about:

Your email sounds as if your offer was like a charity offer from
Coverity, Inc. OTOH, I remember press rumors of Coverity, Inc getting
297 000 Dollar for this from the Department of Homeland Security.

I'm sure you are not silently omitting that you are getting public
funding for what you are offering, but an official statement would be
nice.

> -ben

cu
Adrian

--
"Is there not promise of rain?" Ling Tan asked suddenly out of the darkness.
There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed