[mythtv] status of MythTV wrt Coverity Scan
stuart at tase.co.uk
Thu May 10 00:18:40 UTC 2012
On Wednesday 09 May 2012 17:19:13 Eric Sharkey wrote:
> On Wed, May 9, 2012 at 4:37 PM, Eric Sharkey <eric at lisaneric.org> wrote:
> > I'll be sending login information to individuals shortly.
> Actually I'm not sure who, beyond Stuart, wants/needs/should have access.
> Coverity's position is that access should be restricted to official
> developers based on responsible disclosure rules for potential
> security vulnerabilities.
> On the other hand, there's nothing revealed here that anyone with a
> commercial Coverity license couldn't get own.
We should restrict it to official devs for now because it's not a read-only
thing and we don't want just anyone modifying the severity/resolution of
warnings. Much as the help would be appreciated we don't want the hard work of
triaging to be undone either accidentally or maliciously.
An official dev is anyone with a mythtv.org email address and we should sign
people up with those addresses.
More information about the mythtv-dev