Subject: Re: [boost] Coverity Static Code Analysis
From: John Maddock (john_at_[hidden])
Date: 2009-02-04 11:23:23


> That's not great, is it? But if you read on a bit further a more
> practical problem becomes apparent (if I have understood it correctly):
> the person who registers with them is allowed to see the analysis but
> they're not allowed to reveal it to anyone else (e.g. by posting to
> this list), except indirectly by posting the bug fixes. I can see that
> that might work for some projects, but for a collection of sub-projects
> like Boost where no-one has expert understanding of everything, it
> doesn't seem appropriate.

I guess we would need a team of people willing to triage issues flagged up
and then make contact with the appropriate library author: I'm guessing that
while they cannot reveal the exact information provided by Coverity they
could say "there appears to be a potential buffer overrun on line #, can you
please look into it?".

John.


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk