[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tar + cpio - covscan issues

From: Bruno Haible
Subject: Re: tar + cpio - covscan issues
Date: Sat, 10 Apr 2021 12:26:37 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-206-generic; KDE/5.18.0; x86_64; ; )

Hi Ondrej,

> proposing patch for some of the issues found by coverity scan in tar-1.34

Thanks for these reports.

When we get Coverity reports, we fix the things that are valid complaints
about the code, but we do NOT change the code to reduce the number of reported
issues. That is because
  1) Coverity has a UI where you can mark issues are false issues, even with
     a rationale, and such resolutions are even propagated when the same source
     file is used in a different project (such as gnulib vs. tar).
  2) About 80% to 90% of the reported issues are false issues. We would be
     seriously contorting the source code if we attempted to change the code
     to avoid the reports.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]