On Wed, May 30, 2012 at 7:33 AM, Stuart Morgan <email@example.com> wrote: > On Monday 07 May 2012 16:54:00 Eric Sharkey wrote:
>> Since everyone seemed to want master, I did master. I only did the
>> core mythtv sources, not the plugins. Is there any reason not to go
>> ahead and submit this to Coverity tonight?
> Can we get the plugins included in the next run?
Yes. I just need to script it into a single build. I've been a bit
under the weather lately and spent most of the last weekend on the
couch. > Also more information about what we need to do to feed in updated
> source/builds from buildbot would be good. Exactly what do they need from a
> build? Do they pull from us or do we upload to them? This can go off list if
We push a URL to them which they then download.
For scripting into an automated build, they recommended curl for this:
curl --data "project=PROJECT&password=YOURPASSWORD&email=YourEmail&url=YourDownloadLocation" http://scan5.coverity.com/cgi-bin/submit_build.py
PROJECT is MythTV (case sensitive). I'll send the value of
YOURPASSWORD off list.
Some comments from Dakshesh at Coverity:
I noted that the defects arising from the files /external/.* and
/usr/include/qt4, were set as "Ignore"
There is much easy way to do that, we can simply create a component
'external' with all the files under /exclude/.* folder and will be
used for analysis, but will be ignored for defects.
I have created 4 components external (/external/.*) , qt4
(/usr/include/qt4), programs (/programs/.*), and user_include
(/usr/include/.*), and set not to show defects from 2 components
external and usr_include components, that will get rid off 400
defects. This can be done at the way beginning as well when we first
create the project.
And, it will not show the defects from those component at all in the reports/UI.
Let me know if you have any further questions or need clarification.
From my Google alert, I came across this blog about Coverity SCAN and
I noticed that there was a discussion about "read-only user".
Most of our Customers usually have Maintainer-user and read-only
users, where 'Maintainer-user' can view defects; triage the defects
AND assign the defects to others user, whereas 'read-only users' can
only view the defects(no triage). 'read-only users' fixes the Source
Code based on triage action decided by Maintainer/Developer user.
Currently we do NOT have 'read-only user' feature in Coverity SCAN,
which is dedicated only for Open Source project.
We can probably provide this by adding checkbox in create user screen
to create user with read-only permission.
Let me know if the discussion was about 'read-only user' in SCAN, and
if you guys are interested, we can add that in Coverity SCAN.
I haven't yet gotten back to him wrt either of these.
I don't think the read-only user as described above would be quite
right for MythTV's needs. Ideally, there should be a guest account
that is able to triage bugs but only into certain categories. (e.g. a
guest user should be able to move a defect report from Unclassified to
"Probable Bug" or "Probable False Positive" but not change the status
of a defect already classified as Bug/FP and not be able to classify
defects as Bug/FP.) This would allow anyone to participate in the
triage process without interfering with developer actions.
mythtv-dev mailing list