Re: [Bug-wget] [PATCH] Fixes for issues found by Coverity static analysi

From: Tim Rühsen
Subject: Re: [Bug-wget] [PATCH] Fixes for issues found by Coverity static analysis
Date: Mon, 27 Aug 2018 12:59:55 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 08/27/2018 11:01 AM, Tomas Hozza wrote:
> Hi Darshit.
> On 25.08.2018 08:20, Darshit Shah wrote:
>> Hi Tomas,
>> Thanks for running the scan and the patches you've made! I briefly glanced
>> through those and they seem fine. Of course, they will need to be slightly
>> modified to apply to the current git HEAD. I can do that in the coming days
>> and apply these patches.
> These were based on the git HEAD at the time of sending. From what I checked 
> just now, that should be still the case. I'm working on 
> git://git.savannah.gnu.org/wget.git.
>> I would like to ask you if there is a regular scan of Wget that you have set
>> up on Coverity. We used to run coverity scans regularly, but since the last year
>> or so, I haven't managed to get the coverity binaries to execute on my
>> system. So the scans stopped. If you have a scheduled run, I would like to be able to
>> see the results on Coverity so that we can keep fixing those issues.
> This is Red Hat's internal instance of Coverity combined with other static 
> analyzers. Nevertheless I can share the full results with you if needed. 
> Please let me know if I should send it to mailing list or to you directly.

Also a big "thank you" from my side!

If you think there is no obvious security issue involved, just send to
the ML. Otherwise to Darshit and me please.

>> P.S.: It seems like you haven't assigned your copyrights to the FSF for Wget.
>> Do you happen to know if your employer has assigned the copyrights on your
>> behalf? I couldn't find any mentions in the list I have locally. You will
>> shortly receive the assignment form in a separate email.
> My knowledge is that Red Hat has an agreement with FSF covering all its
> employees. Since I'm a Red Hat employee and I'm sending these changes as part 
> of my job, I consider this to be implied. I have contributed to wget in the 
> past with the same rationale.

Sorry, that was my fault/doubt (asked Darshit and then was offline on
the weekend). Just found the entry in the FSF list of contributors. My
first grep was -i for 'redhat' - it actually is written 'Red Hat'.

Regards, Tim
