Today, I've taken a quick look at the coverity stuff, because so far I've only
seen coverity reports on the Iu code. I see now that actually all of the other
osmocom components are also tested by coverity.
So far I'm only seeing the "Osmocom" coverity project, which contains only
the
iu build. In fact that's a bit of a misnomer -- I assumed that "Osmocom"
would
contain all of the osmos, it should be more like 'Osmocom-3G' or
'Osmocom-Iu'.
The other osmos are in coverity projects named "libosmocore",
"osmo-bts", etc:
https://scan.coverity.com/projects?utf8=%E2%9C%93&search=osmo
I see there are "add me to project" buttons e.g. here
https://scan.coverity.com/projects/libosmocore
so I'm trying that now.
Wouldn't it make sense to redirect all the coverity reports to a mailing list?
Probably best would be a new mailing list, to avoid noise on openbsc@, like the
gerrit-log@ list.
Are these coverity reports a matter of secrecy, to avoid publishing security
holes before we fixed them, in which case the coverity mailing list should be
invite-only?
~Neels