hadoop-common-dev mailing list archives

From Jon Jarboe <jjar...@coverity.com>
Subject RE: Coverity Scan (MAPREDUCE-5032)
Date Mon, 26 Aug 2013 18:24:23 GMT
Thanks for the interest.  I'm in the process of building the 2.1.0 beta as suggested by Roman.

Jon
(214) 531-3496


> -----Original Message-----
> From: Ottenheimer, Davi [mailto:Davi.Ottenheimer@emc.com]
> Sent: Monday, August 26, 2013 1:11 PM
> To: common-dev@hadoop.apache.org
> Subject: RE: Coverity Scan (MAPREDUCE-5032)
> 
> Perhaps open the JIRA with only a reference/link to the Coverity report, and
> limit access to only those working on the issues.
> 
> Full disclosure, update the JIRA, after fix.
> 
> --
> Davi Ottenheimer
> Senior Director of Trust
> EMC Corporation
> davi.ottenheimer@emc.com | @daviottenheimer | +1-415-271-6259
> blog: http://www.flyingpenguin.com/
> 
> 
> > -----Original Message-----
> > From: shaposhnik@gmail.com [mailto:shaposhnik@gmail.com] On Behalf Of
> > Roman Shaposhnik
> > Sent: Monday, August 26, 2013 10:50 AM
> > To: common-dev@hadoop.apache.org
> > Subject: Re: Coverity Scan (MAPREDUCE-5032)
> >
> > On Mon, Aug 26, 2013 at 10:43 AM, Vinod Kumar Vavilapalli
> > <vinodkv@apache.org> wrote:
> > >
> > > > Can you file a JIRA and attach the report there? That is the best
> > > > way to move this forward.
> >
> > Last time I was involved in a Coverity scan was when they scanned
> > another project I'm a committer on (FFmpeg). The lesson there was that
> > the value you get out of browsing on their site
> > https://scan.coverity.com is immeasurably higher than from any static
> > report that can be attached to a JIRA.
> >
> > Also, at least in FFmpeg's case, Coverity identified a few things that
> > could've been used as potential exploits so it made perfect sense to
> > have a white-list of project members who could get access to the
> > initial report instead of going all public with it to begin with
> > (which would happen if it just gets attached to a JIRA in its entirety).
> >
> > Just my 2c worth of working with them in the past.
> >
> > Thanks,
> > Roman.
> 


