Subject: Re: Issue 50 of the NetBSD CVS Digest is out.
To: thilo <jeremias@optushome.com.au>
From: David Maxwell <david@crlf.net>
List: current-users
Date: 04/12/2006 11:37:49

On Tue, 11 Apr 2006, thilo wrote:
> >>>Coverity is a for-profit business. That they choose to give us 
> >>>_anything_,
> >>>is charity on their part.

> I somewhat disagree with that! Coverity uses the exposure in the public
> for open source projects to their benefit.
> THEY will claim how useful their software is (not that I disagree with
> this statement), but it is really for their own benefit.

Sure - I agree that they get a benefit from giving us access to their tools.

In fact, if you ever can't obviously identify the benefit someone gets
from doing something, that's a good time to get suspicious.

This situation is a win/win. Even though Coverity benefits from
(hopefully, positive) publicity, we get access to tools that would
otherwise cost money that the project might not have, or might put
towards i.e. better hardware for project servers.

> We however might benefit, but it would really serve a learning purpose 
> (which is part of the open source idea) if the bugs are discovered in full.
> I kind of understand that excess traffic to their web-based interface is
> difficult, but summary reports, that highlight the
> issues are possible and should be published in the relevant mailing lists.

That's a good idea. I can summarize some right now.

A lot of the bugs found are allocation related: dereference of invalid
pointers, double frees or pointer overwrites - memory leaks.

Several of the ones I've looked at were in rare failure cases, so the leak
wouldn't amount to much, or happen often. That makes it easy to understand
why it hadn't been caught earlier - it never caused serious problems.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
If you don't spend energy getting what you want,
	You'll have to spend it dealing with what you get.
					      - Unknown
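
The "pointer overwrite in a rare failure case" pattern mentioned in the summary above, as an added illustration that is not NetBSD code and not an actual Coverity finding. All names (`t_realloc`, `grow_leaky`, `grow_fixed`, `leaked_after_failure`) are constructed for this example, and the allocator wrapper exists only to force the failure path and count live blocks.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed test allocator: counts live blocks and fails on request. */
static int live_blocks;          /* blocks allocated and not yet freed */
static int fail_countdown = -1;  /* N: fail the (N+1)th call; -1: never fail */

static void *t_realloc(void *p, size_t n) {
    if (fail_countdown >= 0 && fail_countdown-- == 0)
        return NULL;             /* as with realloc(3), the old block stays allocated */
    int was_null = (p == NULL);
    void *q = realloc(p, n);
    if (q != NULL && was_null) live_blocks++;
    return q;
}
static void t_free(void *p) { if (p != NULL) { free(p); live_blocks--; } }

/* Leaky: a failed call overwrites the only pointer to the old block. */
static int grow_leaky(char **bufp, size_t cap) {
    *bufp = t_realloc(*bufp, cap);
    return *bufp == NULL ? -1 : 0;
}

/* Fixed: keep the old pointer until the new one is known to be valid. */
static int grow_fixed(char **bufp, size_t cap) {
    char *p = t_realloc(*bufp, cap);
    if (p == NULL) return -1;    /* *bufp still owns its block; the caller frees it */
    *bufp = p;
    return 0;
}

/* Blocks still allocated after the second grow fails and the caller cleans up. */
static int leaked_after_failure(int (*grow)(char **, size_t)) {
    char *buf = NULL;
    live_blocks = 0;
    fail_countdown = 1;          /* first allocation succeeds, second fails */
    grow(&buf, 16);
    char *first = buf;           /* remembered only so the demo can reclaim it */
    grow(&buf, 32);              /* the rare failure path */
    t_free(buf);                 /* the caller's normal cleanup */
    int leaked = live_blocks;
    if (leaked) free(first);     /* reclaim the orphan so the demo exits clean */
    return leaked;
}

int main(void) {
    printf("leaky=%d fixed=%d\n", leaked_after_failure(grow_leaky), leaked_after_failure(grow_fixed));
    return 0;
}
```

The leak only appears when the allocator fails, which is why ordinary testing rarely exercises it and a static analyzer that follows the error branch does.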