[Python-Dev] About "Coverity Study Ranks LAMP Code Quality"

"Martin v. Löwis" martin at v.loewis.de
Tue Mar 14 00:55:52 CET 2006


Jeff Epler wrote:
>>Because according to
>>http://www.washingtontechnology.com/news/1_1/daily_news/28134-1.html :
>>
>>"The maintainers of the source codes can register with Coverity to see
>>the full results. (End users cannot see the bug lists themselves; they
>>will be able to see how buggy a particular program may be.)"
> 
> 
> This distinction tweaks me a bit.

I can understand that position. The bugs they find include potential
security flaws, for which exploits could be created if the results are
freely available. While it's clearly impossible to keep that information
only with trusted people, they need to make a faithful attempt to
restrict it.

If you have contributed to open source projects, you should ask the
maintainers of these projects to copy you the reports they produced.
If these maintainers consider you trustworthy, they will reveal it to
you.

Regards,
Martin

