Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> FW: Coverity Scan (MAPREDUCE-5032)


Copy link to this message
-
RE: Coverity Scan (MAPREDUCE-5032)
Thanks, Roman, that's definitely still true.  The web interface provides all sorts of cross-referencing, code browsing, defect history, and other capabilities that are lost in a simple report.

For what it's worth, there are multiple unrelated issues so it probably doesn't make sense to throw them into a single JIRA anyway.

Jon
(214) 531-3496
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Roman Shaposhnik
> Sent: Monday, August 26, 2013 12:50 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Coverity Scan (MAPREDUCE-5032)
>
> On Mon, Aug 26, 2013 at 10:43 AM, Vinod Kumar Vavilapalli
> <[EMAIL PROTECTED]> wrote:
> >
> > Can you file a JIRA and attach the report there? That is the best way to
> move this forward.
>
> Last time I was involved in a Coverity scan was when they scanned another
> project I'm committer on (FFmpeg). The lesson there was that the value you
> get out of browsing on their site https://scan.coverity.com is immeasurably
> higher than from any static report that can be attached to a JIRA.
>
> Also, at least in FFmpeg's case, Coverity identified a few things that could've
> been used as potential exploits so it made perfect sense to have a white-list
> of project members who could get access to the initial report instead of going
> all public with it to begin with (which would happen if it just gets attached to
> a JIRA in its entirety).
>
> Just my 2c worth of working with them in the past.
>
> Thanks,
> Roman.