[postgis-devel] Static Analysis

Regina Obe lr at pcorp.us
Thu May 5 11:38:06 PDT 2016


+1

-----Original Message-----
From: postgis-devel [mailto:postgis-devel-bounces at lists.osgeo.org] On Behalf Of Paul Ramsey
Sent: Thursday, May 05, 2016 2:07 PM
To: PostGIS Development Discussion <postgis-devel at lists.osgeo.org>
Subject: [postgis-devel] Static Analysis

Hey Devs,

Are we interested in receiving static analysis reports (Coverity) on the PostGIS code base?

The folks at CrunchyData are willing to stick-handle the bureaucracy around getting Coverity account for the project and a system set up to regularly pass the PostGIS code base through Coverity static analysis.
Coverity provides free (as in beer) accounts for open source projects, so the actual Coverity "account" would be the PostGIS project's and the PSC would control it.

Anyways, other than providing an annoying list of things we should do
(gah!) I see no downside to having some more information on our code cleanliness/security. Unlike the transifex stuff, there'd be no dependencies on a foreign system, since if Coverity ever shut off our access we'd be no worse off than we are right now.

Thoughts?

P
_______________________________________________
postgis-devel mailing list
postgis-devel at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/postgis-devel





More information about the postgis-devel mailing list