On Wed, Jan 31, 2024 at 09:55:00PM +0000, Kieran Kunhya wrote: > On Wed, 31 Jan 2024 at 21:45, Derek Buitenhuis > wrote: > > > On 1/30/2024 1:48 AM, Michael Niedermayer wrote: > > > https://trac.ffmpeg.org/wiki/SponsoringPrograms/STF/2024 > > > > Not to derail this fine thread, but what forks does the Merge Forks > > project refer to? > > > > - Derek > > > > I also added a note that 70 USD for coverity is way too much. I picked a > random issue 1503073 and within a minute saw that it was a false positive. > I don't deserve 70USD for that. you forgot to add yourself with a lower price its weak to claim something expensive (which is true) but not willing to do the work at a lower price about antons comment "Objections: (Anton) Coverity (and other static analysis tools) are notoriously prone to false positives. I am concerned that this might lead to a large number of patches that "fix" such false positives, but make the code worse." It was me years ago who brought the number of coverity issues down to a small number. It has exploded since. anton, where does this misstrust come from ? When i did all that fixing of covertiy issues long ago i closed many i think about 1/3 where real issues IIRC 2/3 where false positves or "intended" i closed the false positives and marked them accordingly as false or intended or whatever was correct. Why should i suddenly do something different ? I did it for 100% free back then and here it wouldnt even make sense, closing false positives also counts as resolved. Its less work even to get 70USD ;) and about the 70 USD. Its a point at which i hoped someone else would add himself, apparently its enough someone complains but noone wants to do it still. hmm and about 1min, the average time it takes to analyze issues is definitly going to be above this unless the issues look very different than previosuly though also you will surely find a dozen similar ones where you can close each in 5sec. on average 30min per issues with all analysis, double checking documentation 1/3 of the time writing a patch, testing and submitting is more real. So you could make 140USD per hour IMHO at 70USD per issue I think thats realistic unless the issues are different now than years ago (the 30min estimate includes a saftey factor which one has to include for this kind of work) thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Modern terrorism, a quick summary: Need oil, start war with country that has oil, kill hundread thousand in war. Let country fall into chaos, be surprised about raise of fundamantalists. Drop more bombs, kill more people, be surprised about them taking revenge and drop even more bombs and strip your own citizens of their rights and freedoms. to be continued