[FFmpeg-devel] [WIP] False positives on Coverity

Vittorio Giovara vittorio.giovara at gmail.com
Mon Jun 10 15:45:14 EEST 2024


On Mon, Jun 10, 2024 at 2:41 PM Timo Rothenpieler <timo at rothenpieler.org>
wrote:

> > In either case, my point is that email is not a good system for these
> > reports, because they cannot be tracked nor analyzed, and if they do pose a
> > security risk they shouldn't be advertised so openly. Having a small bounty
> > with STM funds would probably be a more efficient way at fixing them than
> > asking people to take a look at them on the ML.
>
> I'm not sure what you mean.
> E-Mail is not the primary system for these reports.
>

I'm referring to Michael's email with the list of latest reports.

> They're just notifications about new stuff, with a rough summary of each
> issue, if there aren't too many.
> The primary way to track and handle them is via their website.
>

Again, the one that not everybody has access to, despite being available.
If there is any actual interest in fixing them I'm saying we should make
them more visible and more accessible, that's all. If they are mostly false
positives, then why are we even talking about them?
-- 
Vittorio

