Re: [COVERITY ACCESS] for Embedded/Automotive team

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Lars Kurth <lars.kurth@citrix.com>
To: Julien Grall <julien.grall@arm.com>,
	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
	Andrew Cooper <Andrew.Cooper3@citrix.com>,
	Artem Mygaiev <joculator@gmail.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	Stefano Stabellini <sstabellini@kernel.org>
Subject: Re: [COVERITY ACCESS] for Embedded/Automotive team
Date: Sat, 19 Nov 2016 16:53:02 +0000	[thread overview]
Message-ID: <D456335B.306BC%lars.kurth@citrix.com> (raw)
In-Reply-To: <cbb0d184-a56c-3220-a690-eb0b46a50e6f@arm.com>



On 18/11/2016 20:55, "Julien Grall" <julien.grall@arm.com> wrote:

>Hello,
>
>On 18/11/2016 09:28, Konrad Rzeszutek Wilk wrote:
>> On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote:
>>> On 18/11/16 13:36, Artem Mygaiev wrote:
>>>> Hello
>>>>
>>>> I would like to request access to Coverity Scan project. Hereby, I:
>>>>  - agree to follow the security response process.
>>>>  - undertake to report security issues discovered to the security team
>>>> (security@xenproject.org) within 3 days of discovery.
>>>>  - agree to disclose the issue only to the security team and not to
>>>> any other third party
>>>>  - waive their (security team) right to select the disclosure time
>>>> line. Discoveries will follow the default time lines given in the
>>>> policy.
>>>>
>>>> We work with Xen on ARM since 2012. Our primary goal is to introduce
>>>> Xen for embedded and in particular in automotive SW domains. Our
>>>> current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV
>>>> drivers development (audio, video, input, etc.), co-processors support
>>>> and trusted environment support through OP-TEE integration. All of our
>>>> work is public and published in OSS mailing lists. We would like to
>>>> contribute in stability of Xen overall and Xen on ARM in particular
>>>> since this is absolutely critical for most of embedded applications.
>>>
>>> I don't have an objection in principle.  However, I doubt you will find
>>> access useful.
>>>
>>> Because of the restriction of only being permitted a single Coverity
>>> stream, it is only the x86 build which is submitted for analysis.  To
>>> submit builds for separate architectures, we need alternative streams.
>>> I already requested this but the request was denied.
>>
>> Perhaps Artem doing it - along with linking to this thread could
>> sway their minds? (Hi Coverity folks!)
>
>Coverity has been proven useful on x86 to catch some bugs. A such things
>would be nice for ARM too. Is there anything we can do to get coverity
>testing ARM? (CC Lars).

Coverity does static code analysis. It analyses our entire tree, although
I don't know whether we updated it to point it to new repos such as the
mini-os one. 

>> +1 on the request.
>
>In the current state and regardless whether coverity supports ARM, I
>would lean towards -1 on the request.
>
>I would prefer to give coverity access to developer that have
>established contribution on Xen ARM upstream.
>
>Artem, in the mail subject you mentioned "Embedded/Automotive team".
>Does it mean you are requesting coverity access for all the team?
>
>Regards,
>
>[1] 
>https://www.xenproject.org/developers/teams/embedded-and-automotive.html
>
>-- 
>Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

next prev parent reply	other threads:[~2016-11-19 16:53 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-18 13:36 [COVERITY ACCESS] for Embedded/Automotive team Artem Mygaiev
2016-11-18 13:56 ` Andrew Cooper
2016-11-18 15:28   ` Konrad Rzeszutek Wilk
2016-11-18 20:55     ` Julien Grall
2016-11-19 16:53       ` Lars Kurth [this message]
2016-11-22 11:51         ` Julien Grall
2016-11-22 11:55           ` Lars Kurth
2016-11-22 13:06             ` Artem Mygaiev
2016-11-22 13:42             ` Andrew Cooper
2016-11-22 13:54               ` Artem Mygaiev
2016-11-28 10:27                 ` Lars Kurth
2016-11-28 11:01                   ` Artem Mygaiev
2016-11-29 14:21                     ` Artem Mygaiev
2016-11-29 14:27                       ` Julien Grall
2016-11-29 15:04                         ` Lars Kurth
2016-11-30 11:14                           ` Artem Mygaiev
2016-11-29 15:09                         ` Artem Mygaiev
2016-11-29 16:12                           ` Julien Grall
2016-11-29 18:19                           ` Stefano Stabellini
2016-11-30 11:15                             ` Artem Mygaiev
2016-11-30 19:10                               ` Stefano Stabellini
2016-11-30 19:21                           ` Andrew Cooper
2016-12-01 13:44                             ` Artem Mygaiev
2016-11-22  9:00       ` Artem Mygaiev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D456335B.306BC%lars.kurth@citrix.com \
    --to=lars.kurth@citrix.com \
    --cc=Andrew.Cooper3@citrix.com \
    --cc=joculator@gmail.com \
    --cc=julien.grall@arm.com \
    --cc=konrad.wilk@oracle.com \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.