[postgis-devel] Static Analysis

Paul Ramsey pramsey at cleverelephant.ca
Thu May 5 11:06:42 PDT 2016


Hey Devs,

Are we interested in receiving static analysis reports (Coverity) on
the PostGIS code base?

The folks at CrunchyData are willing to stick-handle the bureaucracy
around getting a Coverity account for the project and a system set up to
regularly pass the PostGIS code base through Coverity static analysis.
Coverity provides free (as in beer) accounts for open source projects,
so the actual Coverity "account" would be the PostGIS project's and
the PSC would control it.

Anyways, other than providing an annoying list of things we should do
(gah!), I see no downside to having some more information on our code
cleanliness/security. Unlike the Transifex stuff, there'd be no
dependencies on a foreign system, since if Coverity ever shut off our
access we'd be no worse off than we are right now.

Thoughts?

P


