gnustep-dev

Re: Coverity Scan for GNUstep?


From: Ivan Vučica
Subject: Re: Coverity Scan for GNUstep?
Date: Mon, 15 Jan 2018 01:50:37 +0000

I don't recall it, but it seems like a good idea.

I don't have a preference. Perhaps a particular project's maintainer? Or
perhaps we can (instead of a single person) have a closed-off security
discussion list, with a limited number of invite-only participants?
Can we do that on gnu.org?

Do you feel like setting this up?

On Sun, Jan 14, 2018 at 6:54 PM, Fred Kiefer <address@hidden> wrote:
> I remember we talked about this before, maybe at the Dublin meeting. There is 
> the option to set up GNUstep on scan.coverity.com to have the code 
> automatically checked for known vulnerabilities. At the time we did discuss 
> this there wasn’t support for Objective-C but this seems to have been added:
>
> https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/CWE-CC-Objective-C.pdf
>
> What are your opinions on this? In the beginning it will require some extra 
> effort to fix the found weaknesses and somehow to flag the false positives. 
> And who should be in charge of getting the reports? The idea here is that 
> only the person registered for the project will get the report to prevent 
> 0-day issues becoming public too soon.
>
> Fred
> _______________________________________________
> Gnustep-dev mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/gnustep-dev


