hadoop-common-dev mailing list archives

From Roman Shaposhnik <...@apache.org>
Subject Re: Coverity Scan (MAPREDUCE-5032)
Date Mon, 26 Aug 2013 17:50:02 GMT
On Mon, Aug 26, 2013 at 10:43 AM, Vinod Kumar Vavilapalli
<vinodkv@apache.org> wrote:
> Can you file a JIRA and attach the report there? That is the best way to move this forward.

Last time I was involved in a Coverity scan was when they scanned another
project I'm a committer on (FFmpeg). The lesson there was that the value
you get out of browsing on their site https://scan.coverity.com is immeasurably
higher than from any static report that can be attached to a JIRA.

Also, at least in FFmpeg's case, Coverity identified a few things that
could've been used as potential exploits so it made perfect sense
to have a white-list of project members who could get access to
the initial report instead of going all public with it to begin with (which
would happen if it just gets attached to a JIRA in its entirety).

Just my 2c worth of working with them in the past.

