Re: Coverity Scan for GNUstep?

[Richard Frith-Macdonald]

> On 22 Jan 2018, at 22:23, Fred Kiefer <address@hidden> wrote:
> 
> 
> In the meantime my connection with GNUstep has been confirmed and I was able 
> to look at the found issues. Many of them are false positives mostly caused 
> by Coverity expecting normal program continuation after NSException raise. 
> Even so it did detect a few potential issues in base. I flagged some of the 
> false positives so the more interesting bits are left over for somebody to 
> look at. Especially the „time of check, time of use“ issues should be looked 
> at. 

I think the few outstanding defects are all addressed now,
Looking at a link from the coverty report I found this:

Open Source Defect Density

GNUstep base: 999,026 line of code and 0.01 defect density

Open Source Defect Density By Project Size

Line of Code (LOC)      Defect Density
Less than 100,000       0.35
100,000 to 499,999      0.5
500,000 to 1 million    0.7
More than 1 million     0.65
Note: Defect density is measured by the number of defects per 1,000 lines of 
code, identified by the Coverity platform. The numbers shown above are from our 
2013 Coverity Scan Report, which analyzed 250 million lines of open source code.

While it would have been better if it hadn't found any defects, it's still nice 
to see that our defect density is about a 70th of their normal finding 
(presumably those ratings are mean values for projects in the four size 
categories).