[mythtv] status of MythTV wrt Coverity Scan

Stuart Morgan stuart at tase.co.uk
Thu May 10 00:18:40 UTC 2012


On Wednesday 09 May 2012 17:19:13 Eric Sharkey wrote:
> On Wed, May 9, 2012 at 4:37 PM, Eric Sharkey <eric at lisaneric.org> wrote:
> > I'll be sending login information to individuals shortly.
> 
> Actually I'm not sure who, beyond Stuart, wants/needs/should have access.
> 
> Coverity's position is that access should be restricted to official
> developers based on responsible disclosure rules for potential
> security vulnerabilities.
> 
> On the other hand, there's nothing revealed here that anyone with a
> commercial Coverity license couldn't get own.

We should restrict it to official devs for now because it's not a read-only 
thing and we don't want just anyone modifying the severity/resolution of 
warnings. Much as the help would be appreciated we don't want the hard work of 
triaging to be undone either accidentally or maliciously.

An official dev is anyone with a mythtv.org email address and we should sign 
people up with those addresses.
-- 
Stuart Morgan


More information about the mythtv-dev mailing list