anyone still have access to the coverity scan results?
Access to the Python results is currently down, but has anyone actually accessed the Coverity scan results any time recently? Or who even has access anymore?
If it is determined that nobody has access any more I can ping one of my contacts at Coverity.
On Tue, Jan 18, 2011 at 4:52 PM, Brett Cannon brett@python.org wrote:
Access to the Python results is currently down, but has anyone actually accessed the Coverity scan results any time recently? Or who even has access anymore? _______________________________________________ python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
Might have you ping them regardless because I am willing to bet that they never moved over to py3k and are still scanning trunk (if they are scanning at all). But obviously wait until we know if someone does have access and exactly what they are scanning.
On Tue, Jan 18, 2011 at 18:54, Guido van Rossum guido@python.org wrote:
If it is determined that nobody has access any more I can ping one of my contacts at Coverity.
On Tue, Jan 18, 2011 at 4:52 PM, Brett Cannon brett@python.org wrote:
Access to the Python results is currently down, but has anyone actually accessed the Coverity scan results any time recently? Or who even has access anymore? _______________________________________________ python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
-- --Guido van Rossum (python.org/~guido)
I guess we'd also have to point them to the Hg servers (once we are using Hg -- but that's a rant for a different day :-). I've pinged my direct contact there to get in touch with whoever's in charge of scanning open source projects.
On Tue, Jan 18, 2011 at 7:12 PM, Brett Cannon brett@python.org wrote:
Might have you ping them regardless because I am willing to bet that they never moved over to py3k and are still scanning trunk (if they are scanning at all). But obviously wait until we know if someone does have access and exactly what they are scanning.
On Tue, Jan 18, 2011 at 18:54, Guido van Rossum guido@python.org wrote:
If it is determined that nobody has access any more I can ping one of my contacts at Coverity.
On Tue, Jan 18, 2011 at 4:52 PM, Brett Cannon brett@python.org wrote:
Access to the Python results is currently down, but has anyone actually accessed the Coverity scan results any time recently? Or who even has access anymore? _______________________________________________ python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
-- --Guido van Rossum (python.org/~guido)
My coverity contact wrote back:
""" Sure, the main contact is David Maxwell and he's reachable via scan@coverity.com though if that doesn't work you can always just try dmaxwell@coverity.com - they can give you access and update ... whatever - he also is more up to date on where we are in moving the open source projects over to our new version (there's a pretty time consuming migration involved among all the projects). Maybe he can set up Python 3 directly on the new version - I'm not really sure how they are handling all that... """
OK, I will handle it.
On Wed, Jan 19, 2011 at 11:21, Guido van Rossum guido@python.org wrote:
My coverity contact wrote back:
""" Sure, the main contact is David Maxwell and he's reachable via scan@coverity.com though if that doesn't work you can always just try dmaxwell@coverity.com - they can give you access and update ... whatever - he also is more up to date on where we are in moving the open source projects over to our new version (there's a pretty time consuming migration involved among all the projects). Maybe he can set up Python 3 directly on the new version - I'm not really sure how they are handling all that... """
-- --Guido van Rossum (python.org/~guido)
Could we consider offering a complimentary PyCon registration to a member of the Coverity team as an encouragement to have someone around during the sprints? I am sure that much useful informal education would take place, benefiting many sprints, if we enable it and just let things happen.
Or would this be seen as favoring one vendor? I don't see other people lining up to validate the developers' code, but nor do I want to step on anyone's toes. Maybe python-dev is a better place for this discussion, or maybe Guido should just talk to Van and/or Jesse and short-circuit about thirty-five "+1" responses.
Or not.
regards Steve
On Jan 19, 2011, at 3:27 PM, Brett Cannon wrote:
OK, I will handle it.
On Wed, Jan 19, 2011 at 11:21, Guido van Rossum guido@python.org wrote:
My coverity contact wrote back:
""" Sure, the main contact is David Maxwell and he's reachable via scan@coverity.com though if that doesn't work you can always just try dmaxwell@coverity.com - they can give you access and update ... whatever - he also is more up to date on where we are in moving the open source projects over to our new version (there's a pretty time consuming migration involved among all the projects). Maybe he can set up Python 3 directly on the new version - I'm not really sure how they are handling all that... """
-- --Guido van Rossum (python.org/~guido)
python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
On Wed, Jan 19, 2011 at 17:44, Steve Holden steve@holdenweb.com wrote:
Could we consider offering a complimentary PyCon registration to a member of the Coverity team as an encouragement to have someone around during the sprints? I am sure that much useful informal education would take place, benefiting many sprints, if we enable it and just let things happen.
This may be a bit premature. Last time the scan had a bunch of false-positives, so while it found errors it was a bit of work to go through. Not sure if there is anything new and useful lately.
Then again free registration is cheap.
Or would this be seen as favoring one vendor? I don't see other people lining up to validate the developers' code, but nor do I want to step on anyone's toes.
Klocwork did, but the site that hosted their results no longer responds and Neal Norwitz was the only person with access.
Maybe python-dev is a better place for this discussion, or maybe Guido should just talk to Van and/or Jesse and short-circuit about thirty-five "+1" responses.
I just don't know how useful it would be. The results of the scan are what they are. Even if I am the only person with access, I have received enough PyCon financial aide to be at the sprints for the first two full days so I can always dole out responsibilities on the spot.
-Brett
Or not.
regards Steve
On Jan 19, 2011, at 3:27 PM, Brett Cannon wrote:
OK, I will handle it.
On Wed, Jan 19, 2011 at 11:21, Guido van Rossum guido@python.org wrote:
My coverity contact wrote back:
""" Sure, the main contact is David Maxwell and he's reachable via scan@coverity.com though if that doesn't work you can always just try dmaxwell@coverity.com - they can give you access and update ... whatever - he also is more up to date on where we are in moving the open source projects over to our new version (there's a pretty time consuming migration involved among all the projects). Maybe he can set up Python 3 directly on the new version - I'm not really sure how they are handling all that... """
-- --Guido van Rossum (python.org/~guido)
python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
Le mercredi 19 janvier 2011 à 20:44 -0500, Steve Holden a écrit :
Could we consider offering a complimentary PyCon registration to a member of the Coverity team as an encouragement to have someone around during the sprints? I am sure that much useful informal education would take place, benefiting many sprints, if we enable it and just let things happen.
I'm not sure hanging around during a sprint is the best way to share knowledge with the python-dev community, a large part of which won't attend the sprints.
Besides, if the coverity results are private and limited to a couple of core devs, I don't think other sprinters will benefit a lot from such "education". Or do you have something particular in mind?
Regards
Antoine.
Antoine Pitrou solipsis@pitrou.net wrote:
Besides, if the coverity results are private and limited to a couple of core devs, I don't think other sprinters will benefit a lot from such "education". Or do you have something particular in mind?
What is the status of the scans? Does anyone have access by now? For example, I'm curious to see the results for Modules/_decimal/*, Modules/_decimal/libmpdec/* and Objects/memoryobject.c.
Stefan Krah
Am 18.08.2012 11:53, schrieb Stefan Krah:
Antoine Pitrou solipsis@pitrou.net wrote:
Besides, if the coverity results are private and limited to a couple of core devs, I don't think other sprinters will benefit a lot from such "education". Or do you have something particular in mind?
What is the status of the scans? Does anyone have access by now? For example, I'm curious to see the results for Modules/_decimal/*, Modules/_decimal/libmpdec/* and Objects/memoryobject.c.
Yup, my login still works. I can send you a CSV or XML report if you like.
Christian
Christian Heimes lists@cheimes.de wrote:
Yup, my login still works. I can send you a CSV or XML report if you like.
Thanks, got the CSV!
If anyone has the possibility to create new accounts, I would like to apply for one.
Stefan Krah
Am 18.08.2012 15:08, schrieb Stefan Krah:
Christian Heimes lists@cheimes.de wrote:
Yup, my login still works. I can send you a CSV or XML report if you like.
Thanks, got the CSV!
If anyone has the possibility to create new accounts, I would like to apply for one.
Who usually uploads the necessary files to coverity? The current files are rather old (patchlevel.h says 3.3.0a0). I was able to create the report files but the files must be uploaded to a registered location.
Christian
On Sat, 18 Aug 2012 17:01:10 +0200, Christian Heimes lists@cheimes.de wrote:
Am 18.08.2012 15:08, schrieb Stefan Krah:
Christian Heimes lists@cheimes.de wrote:
Yup, my login still works. I can send you a CSV or XML report if you like.
Thanks, got the CSV!
If anyone has the possibility to create new accounts, I would like to apply for one.
Who usually uploads the necessary files to coverity? The current files are rather old (patchlevel.h says 3.3.0a0). I was able to create the report files but the files must be uploaded to a registered location.
It is quite possible the server migration of the hg repo broke some automated upload script. I'm just guessing, though.
--David
On Sat, Aug 18, 2012 at 11:01 AM, Christian Heimes lists@cheimes.de wrote:
Am 18.08.2012 15:08, schrieb Stefan Krah:
Christian Heimes lists@cheimes.de wrote:
Yup, my login still works. I can send you a CSV or XML report if you
like.
Thanks, got the CSV!
If anyone has the possibility to create new accounts, I would like to
apply
for one.
Who usually uploads the necessary files to coverity? The current files are rather old (patchlevel.h says 3.3.0a0). I was able to create the report files but the files must be uploaded to a registered location.
I think I'm still listed as the main contact and I never uploaded anything. I believe Coverty pulls the files in themselves.
On Sun, Aug 19, 2012 at 11:56 AM, Brett Cannon brett@python.org wrote:
On Sat, Aug 18, 2012 at 11:01 AM, Christian Heimes lists@cheimes.dewrote:
Am 18.08.2012 15:08, schrieb Stefan Krah:
Christian Heimes lists@cheimes.de wrote:
Yup, my login still works. I can send you a CSV or XML report if you
like.
Thanks, got the CSV!
If anyone has the possibility to create new accounts, I would like to
apply
for one.
Who usually uploads the necessary files to coverity? The current files are rather old (patchlevel.h says 3.3.0a0). I was able to create the report files but the files must be uploaded to a registered location.
I think I'm still listed as the main contact and I never uploaded anything. I believe Coverty pulls the files in themselves.
So when trying to log in (which didn't work; Coverty has changed this system so many times I don't what username/password works anymore) there was a notice that how you submit code has changed:
At the same time, we also have changes in the process to submit the build to Coverity Scan for Open Source Projects.
- With the new version, there are three steps to analyze a codebase:
build, analyze, and commit.
- You do the build step, then tar up the intermediate representation and
stick it somewhere we can get it by http. 2. Our scripts wget it, analyze it, commit it to the DB and send you an email.
The link to their build tools is http://scan.coverity.com/self-build/ . So it looks like we have to give them the files to analyze now after we have built them with their tool chain on LInux.
Am 19.08.2012 18:02, schrieb Brett Cannon:
The link to their build tools is http://scan.coverity.com/self-build/ . So it looks like we have to give them the files to analyze now after we have built them with their tool chain on LInux.
Yes, that's what I'm talking about. It took me a while to figure out the correct URL and my password, too. The new version of coverity doesn't pull the changes automatically. Instead you have to compile the code with a custom build system and provide a download link for the results:
Coverity Scan Self-Build - updated July 2012
Coverity build tool link is:
Linux-64 6.0.2
Linux-32 6.0.2
Downloading and building Do once:
Download and extract the tarball
Add the bin directory to your path
Do for each build:
cd to your build directory
optional: Run any build steps that you don't want to analyze –
i.e. ./configure cov-build --dir cov-int [BUILD CMD and ARGS] Create a README file with your name, email, and project's name tar czvf project.tgz README cov-int Upload the project.tgz to your server
For your first build, after making the archive file available on a server, send the URL for it to scan-admin@coverity.com. Once we sort out any issues with the archive processing, you will get project name, and password to submit builds automatically whenever you like. Submitting self-builds Enter project name, password, email and download URL here: http://scan.coverity.com/submit.html
http://scan.coverity.com/self-build/6.0.2/cov-analysis-linux64-6.0.2.tar.gz http://scan.coverity.com/self-build/6.0.2/cov-analysis-linux32-6.0.2.tar.gz
I've tried to upload my build of Python's py3k head but the system doesn't recognize my password for the upload process. I guess we need to get a different password for the upload process. Or you could try your login data. Perhaps I don't have the necessary permissions. My build is available at http://dl.dropbox.com/u/19557108/project.tgz
Christian
On 20.01.2011 02:44, Steve Holden wrote:
Could we consider offering a complimentary PyCon registration to a member of the Coverity team as an encouragement to have someone around during the sprints? I am sure that much useful informal education would take place, benefiting many sprints, if we enable it and just let things happen.
Or would this be seen as favoring one vendor?
I would see nothing wrong with it, and getting this person in the conference may allow people to chat in person. Coverity has offered this free service, and even though they also had promotion of their product in mind, they actually do demonstrate a real interest in free software.
Regards, Martin
Le dimanche 19 août 2012 à 21:15 +0200, "Martin v. Löwis" a écrit :
On 20.01.2011 02:44, Steve Holden wrote:
Could we consider offering a complimentary PyCon registration to a member of the Coverity team as an encouragement to have someone around during the sprints? I am sure that much useful informal education would take place, benefiting many sprints, if we enable it and just let things happen.
Or would this be seen as favoring one vendor?
I would see nothing wrong with it, and getting this person in the conference may allow people to chat in person. Coverity has offered this free service, and even though they also had promotion of their product in mind, they actually do demonstrate a real interest in free software.
I don't know where Steve's message was posted (I can't see it in the archives or in my inbox). It seems this would be not only favoring a vendor, but favoring someone who doesn't participate in the community (unless we have a contributor who is also a Coverity employee). And it would favour one (US) Python conference over other non-US conferences, since typically sprints don't get recorded for remote viewing.
Regards
Antoine.
On Aug 19, 2012 3:16 PM, Martin v. Löwis martin@v.loewis.de wrote:
On 20.01.2011 02:44, Steve Holden wrote:
Could we consider offering a complimentary PyCon registration to a member of the Coverity team as an encouragement to have someone around during the sprints? I am sure that much useful informal education would take place, benefiting many sprints, if we enable it and just let things happen.
Or would this be seen as favoring one vendor?
I would see nothing wrong with it, and getting this person in the conference may allow people to chat in person. Coverity has offered this free service, and even though they also had promotion of their product in mind, they actually do demonstrate a real interest in free software.
I believe coverty is/was paid by a branch of the US government to do this in the name of security for key software.
Regards, Martin
Le mardi 18 janvier 2011 à 16:52 -0800, Brett Cannon a écrit :
Access to the Python results is currently down, but has anyone actually accessed the Coverity scan results any time recently? Or who even has access anymore?
gcc-4.6 emits new warnings: it would be interesting to analyze them. Even if gcc-4.6 -O3 generates invalid code :-) I opened an issue with the warnings: http://bugs.python.org/issue10951
For the gcc 4.6 bug, see: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47271
Victor
participants (9)
-
"Martin v. Löwis" -
Antoine Pitrou -
Brett Cannon -
Christian Heimes -
Guido van Rossum -
R. David Murray -
Stefan Krah -
Steve Holden -
Victor Stinner