Re: [gpsd-dev] wsg_separation Issue

[Bywater, Rick (SA-1)]

Understood.

I have attached a tarfile which contains the *.errors.xml files which
Coverity generates detailing the issues and locations.  These are the much
less pleasant to work with than their Coverity Integrity Manager web
interface.  However, they do detail the issues and where they are found,
including filename and line number.  So, failing restoration of access to
Coverity's site, you can at least use these to identify and address the
issues.

Thanks,
Rick

-----Original Message-----
From: Dave Hart [mailto:address@hidden 
Sent: Wednesday, May 09, 2012 1:41 PM
To: Bywater, Rick (SA-1)
Cc: address@hidden; address@hidden
Subject: Re: [gpsd-dev] wsg_separation Issue

On Tue, May 8, 2012 at 2:33 PM, Bywater, Rick (SA-1) <address@hidden>
wrote:
> Eric,
>
> I looked into the clock_gettime issue a bit more.  I am not sure why, 
> but scons did not configure correctly.  I re-ran it with 
> --config=force and it built clean.  So, I re-ran Coverity with the 
> corrected build.  You can find the new results attached.

The second logfile had a summary with counts of each class of putative
defect identified, but what's really needed is the blow-by-blow for each
defect giving the line(s) of code involved and the relevant identifiers
(such as variable names for uninitialized use).

Coverity analyzes ntp-dev at one of its highest (pickiest) levels as part of
the Scan initiative, but we don't get detailed reports in text logs or
emails -- we have to sign into a website and drill into each defect in turn.
It's not as bad as it sounds -- they serve up the source code as well as the
defects in a useful way, and allow colloboration in comments and tracking
(such as marking a defect as a false positive).

My advice is to try again/harder to work with Coverity to setup or restore
access for key gpsd developers to their Scan portal website, and if needed,
get them tracking your head or at least your release tarballs -- that is,
using automation to build a snapshot every release or every few days, the
results of each archived to dig into on-demand using the portal.

The human I have dealt with regarding Scan in the past, David Maxwell, is no
longer working for Coverity, based on the bounces address@hidden
elicits.  http://scan.coverity.com/about.html
has several email aliases you might try instead.

Cheers,
Dave Hart

NOTICE: This e-mail transmission (and/or the attachments accompanying it) may 
contain confidential or proprietary information belonging to DRS Technologies 
or the sender. The information is only for the use of the intended recipient. 
If you are not the intended recipient you are hereby notified that any 
disclosure, copying, distribution or the taking of any action in reliance on 
the contents of this information is strictly prohibited. Any unauthorized 
interception of this transmission is illegal under the law. If you have 
received this transmission in error, please promptly notify the sender by reply 
e-mail, and then destroy all copies of the transmission.

"This (document/presentation) may contain technical data as defined in the 
International Traffic In Arms Regulations (ITAR) 22 CFR 120.10. Export of this 
material is restricted by the Arms Export Control Act (22 U.S.C. 2751 et seq.) 
and may not be exported to foreign persons without prior written approval from 
the U.S. Department of State."

errors.tgz
Description: application/compressed

smime.p7s
Description: S/MIME cryptographic signature