Thanks, Roman, that's definitely still true. The web interface provides all sorts of cross-referencing, code browsing, defect history, and other capabilities that are lost in a simple report.
For what it's worth, there are multiple unrelated issues so it probably doesn't make sense to throw them into a single JIRA anyway.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Roman Shaposhnik
> Sent: Monday, August 26, 2013 12:50 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Coverity Scan (MAPREDUCE-5032)
> On Mon, Aug 26, 2013 at 10:43 AM, Vinod Kumar Vavilapalli
> <[EMAIL PROTECTED]> wrote:
> > Can you file a JIRA and attach the report there? That is the best way to
> move this forward.
> Last time I was involved in a Coverity scan was when they scanned another
> project I'm committer on (FFmpeg). The lesson there was that the value you
> get out of browsing on their site https://scan.coverity.com is immeasurably
> higher than from any static report that can be attached to a JIRA.
> Also, at least in FFmpeg's case, Coverity identified a few things that could've
> been used as potential exploits so it made perfect sense to have a white-list
> of project members who could get access to the initial report instead of going
> all public with it to begin with (which would happen if it just gets attached to
> a JIRA in its entirety).
> Just my 2c worth of working with them in the past.