[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Artem Mygaiev <joculator@xxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Fri, 18 Nov 2016 14:55:21 -0600
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Lars Kurth <lars.kurth@xxxxxxxxxx>
Delivery-date: Fri, 18 Nov 2016 20:55:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hello,

On 18/11/2016 09:28, Konrad Rzeszutek Wilk wrote:

On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote:

On 18/11/16 13:36, Artem Mygaiev wrote:

Hello

I would like to request access to Coverity Scan project. Hereby, I:
 - agree to follow the security response process.
 - undertake to report security issues discovered to the security team
(security@xxxxxxxxxxxxxx) within 3 days of discovery.
 - agree to disclose the issue only to the security team and not to
any other third party
 - waive their (security team) right to select the disclosure time
line. Discoveries will follow the default time lines given in the
policy.

We work with Xen on ARM since 2012. Our primary goal is to introduce
Xen for embedded and in particular in automotive SW domains. Our
current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV
drivers development (audio, video, input, etc.), co-processors support
and trusted environment support through OP-TEE integration. All of our
work is public and published in OSS mailing lists. We would like to
contribute in stability of Xen overall and Xen on ARM in particular
since this is absolutely critical for most of embedded applications.


I don't have an objection in principle.  However, I doubt you will find
access useful.

Because of the restriction of only being permitted a single Coverity
stream, it is only the x86 build which is submitted for analysis.  To
submit builds for separate architectures, we need alternative streams.
I already requested this but the request was denied.


Perhaps Artem doing it - along with linking to this thread could
sway their minds? (Hi Coverity folks!)

Coverity has been proven useful on x86 to catch some bugs. A such thingswould be nice for ARM too. Is there anything we can do to get coveritytesting ARM? (CC Lars).


+1 on the request.

In the current state and regardless whether coverity supports ARM, Iwould lean towards -1 on the request.

I would prefer to give coverity access to developer that haveestablished contribution on Xen ARM upstream.

Artem, in the mail subject you mentioned "Embedded/Automotive team".Does it mean you are requesting coverity access for all the team?


Regards,

[1] https://www.xenproject.org/developers/teams/embedded-and-automotive.html

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
  - From: Artem Mygaiev
- Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
  - From: Lars Kurth

References:
- [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
  - From: Artem Mygaiev
- Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
  - From: Andrew Cooper
- Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
  - From: Konrad Rzeszutek Wilk

Prev by Date: Re: [Xen-devel] Define a new Wiki part for Xen Project.
Next by Date: Re: [Xen-devel] Error regarding filesystem in Dom0 in lager board
Previous by thread: Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
Next by thread: Re: [Xen-devel] [COVERITY ACCESS] for Embedded/Automotive team
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.