Re: tar + cpio - covscan issues
From: Kamil Dudka
Subject: Re: tar + cpio - covscan issues
Date: Sat, 10 Apr 2021 15:34:15 +0200

On Saturday, April 10, 2021 12:26:37 PM CEST Bruno Haible wrote:
> Hi Ondrej,
>
> > proposing patch for some of the issues found by coverity scan in tar-1.34
>
> Thanks for these reports.
>
> When we get Coverity reports, we fix the things that are valid complaints
> about the code, but we do NOT change the code to reduce the number of
> reported issues. That is because

If you have enough time to manually review the same false positives over and
over, this might work well for you. Not everybody is in the same situation.

> 1) Coverity has a UI where you can mark issues as false issues, even with
> a rationale, and such resolutions are even propagated when the same source
> file is used in a different project (such as gnulib vs. tar).

So you have access to this UI, not everybody does. Some developers prefer a
terminal-based workflow over a web-based UI. In any case, the data you enter
through this UI is completely isolated from the open-source software that
you maintain. Downstream consumers either have to feed their own instance
of the UI manually again, or just use something else without any cooperation
with upstream.

> 2) About 80% to 90% of the reported issues are false issues. We would be
> seriously contorting the source code if we attempted to change the code to
> avoid the reports.

If you keep fixing real issues and ignoring false positives, such a situation
is kind of expected.

Kamil

> Bruno