Re: [Bug-wget] [PATCH] Fixes for issues found by Coverity static analysi
From: Tim Rühsen
Subject: Re: [Bug-wget] [PATCH] Fixes for issues found by Coverity static analysis
Date: Mon, 27 Aug 2018 12:59:55 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
On 08/27/2018 11:01 AM, Tomas Hozza wrote:
> Hi Darshit.
>
> On 25.08.2018 08:20, Darshit Shah wrote:
>> Hi Tomas,
>>
>> Thanks for running the scan and the patches you've made! I briefly glanced
>> through those and they seem fine. Of course, they will need to be slightly
>> modified to apply to the current git HEAD. I can do that in the coming days
>> and apply these patches.
>
> These were based on the git HEAD at the time of sending. From what I checked
> just now, that should be still the case. I'm working on
> git://git.savannah.gnu.org/wget.git.
>
>> I would like to ask you if there is a regular scan of Wget that you have set
>> up on Coverity. We used to run coverity scans regularly, but since the last
>> year or so, I haven't managed to get the coverity binaries to execute on my
>> system. So the scans stopped. If you have a scheduled run, I would like to be
>> able to see the results on Coverity so that we can keep fixing those issues.
>
> This is Red Hat's internal instance of Coverity combined with other static
> analyzers. Nevertheless I can share the full results with you if needed.
> Please let me know if I should send it to mailing list or to you directly.
Also a big "thank you" from my side!
If you think there is no obvious security issue involved, just send to
the ML. Otherwise to Darshit and me please.
>
>> P.S.: It seems like you haven't assigned your copyrights to the FSF for Wget.
>> Do you happen to know if your employer has assigned the copyrights on your
>> behalf? I couldn't find any mentions in the list I have locally. You will
>> shortly receive the assignment form in a separate email.
>
> My knowledge is that Red Hat has an agreement with the FSF covering all its
> employees. Since I'm a Red Hat employee and I'm sending these changes as part
> of my job, I consider this to be implied. I have contributed to wget in the
> past with the same rationale.
Sorry, that was my fault/doubt (asked Darshit and then was offline on
the weekend). Just found the entry in the FSF list of contributors. My
first grep was -i for 'redhat' - it actually is written 'Red Hat'.
Regards, Tim