Ethereal-dev: Re: [Ethereal-dev] Re: [Ethereal-cvs] rev 17504: /trunk/gtk/: main.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Gilbert Ramirez" <gram@xxxxxxxxxxxxxxx>
Date: Tue, 7 Mar 2006 19:58:00 -0600
That is, the alleged defect that Coverity found is not really a defect.

Basically, we're trading resources. The Coverity tool has discovered
some problem spots in our source code, but there's plenty of false
positives. So in return for the true positives, we supply Coverity
with our man-hours to find the false positives --- essentially
debugging the Coverity tool itself.

It's a good tradeoff if the true positives found by Coverity are
severe enough to be security bugs in Ethereal.

--gilbert

On 3/7/06, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> Gerald Combs wrote:
> > Coverity's software is nice in that it gives you ways to mark a defect
> > is invalid.  Quite a few entries in Ethereal's defect list have been
> > marked thusly.
> >
> >
> "a defect is invalid"?!?
>
> I still just don't get the point ...
>
> Regards, ULFL
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
>