Re: Coverity Scan for GNUstep?
From: Fred Kiefer
Subject: Re: Coverity Scan for GNUstep?
Date: Mon, 15 Jan 2018 07:56:34 +0100

As you know I am no fan of management tasks. If you have time for this it would
be great if you could set it up. Otherwise I will try to do it over the next
weekend.

A new mailing list would be one way to go, the other possibility is to register
the core module maintainers (you, Richard, me) for all the core modules there.

> On 15.01.2018 at 02:50, Ivan Vučica <address@hidden> wrote:
>
> I don't recall it, but it seems like a good idea.
>
> I don't have a preference. Perhaps the particular project's maintainer? Or
> perhaps we can (instead of a single person) have a closed-off security
> discussion list, with a limited number of invite-only participants?
> Can we do that on gnu.org?
>
> Do you feel like setting this up?
>
> On Sun, Jan 14, 2018 at 6:54 PM, Fred Kiefer <address@hidden> wrote:
>> I remember we talked about this before, maybe at the Dublin meeting. There
>> is the option to set up GNUstep on scan.coverity.com to have the code
>> automatically checked for known vulnerabilities. At the time we did discuss
>> this there wasn’t support for Objective-C but this seems to have been added:
>>
>> https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/CWE-CC-Objective-C.pdf
>>
>> What are your opinions on this? In the beginning it will require some extra
>> effort to fix the found weaknesses and somehow to flag the false positives.
>> And who should be in charge of getting the reports? The idea here is that
>> only the person registered for the project will get the report to prevent
>> 0-day issues becoming public too soon.
>>
>> Fred