-RE: Coverity Scan (MAPREDUCE-5032)
Jon Jarboe 2013-08-26, 18:24
Thanks for the interest. I'm in the process of building the 2.1.0 beta as suggested by Roman.
> -----Original Message-----
> From: Ottenheimer, Davi [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 26, 2013 1:11 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Coverity Scan (MAPREDUCE-5032)
> Perhaps open the JIRA with only a reference/link to the Coverity report, and
> limit access to only those working on the issues.
> Full disclosure, update the JIRA, after fix.
> Davi Ottenheimer
> Senior Director of Trust
> EMC Corporation
> [EMAIL PROTECTED] | @daviottenheimer | +1-415-271-6259
> blog: http://www.flyingpenguin.com/
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
> > Roman Shaposhnik
> > Sent: Monday, August 26, 2013 10:50 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Coverity Scan (MAPREDUCE-5032)
> > On Mon, Aug 26, 2013 at 10:43 AM, Vinod Kumar Vavilapalli
> > <[EMAIL PROTECTED]> wrote:
> > >
> > > Can you file a JIRA and attach the report there? That is the best
> > > way to
> > move this forward.
> > Last time I was involved in a Coverity scan was when they scanned
> > another project I'm committer on (FFmpeg). The lesson there was that
> > the value you get out of browsing on their site
> > https://scan.coverity.com is immeasurably higher than from any static
> report that can be attached to a JIRA.
> > Also, at least in FFmpeg's case, Coverity identified a few things that
> > could've been used as potential exploits so it made perfect sense to
> > have a white-list of project members who could get access to the
> > initial report instead of going all public with it to begin with
> > (which would happen if it just gets attached to a JIRA in its entirety).
> > Just my 2c worth of working with them in the past.
> > Thanks,
> > Roman.