From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: "Jonatas L. Nogueira" <jesusalva@spi-inc.org>
Subject: [FFmpeg-devel] STF SoWs
Date: Tue, 6 Feb 2024 03:06:42 +0100
Message-ID: <20240206020642.GW6420@pb2> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 2805 bytes --]
Hi all
As Jonatan reminded the ML we need to provide SoWs if we want to
participate in STF-SPI
We need one for each project (they do not need to list a person ATM)
but obviously we do need someone who will do the work
I do belive they do need to list the money amount.
Thanks go to Pierre for helping me write template/example.
(converted from google docs and with some last minute edits)
@Jonatan, is this below what SPI needs for each project ?
STF SOW template
1. One line summary of the proposed work
Classify and fix outstanding issues identified by Coverity
2. Description of the work
Coverity is a static code analysis system that is used to analyze FFmpeg code to find bugs with an emphasis on quality and security issues. There are currently 677 outstanding issues identified by Coverity (https://scan.coverity.com/projects/ffmpeg?tab=overview). Some of these issues are false positives while others could open the door to security vulnerabilities.
The objective of this work is to identify the Coverity issues that are not false positives, and fix as many as possible.
3. Milestones
1. Milestone 1
1. Description
Review all outstanding Coverity issues and, for each one, determine whether it is a false positive.
2. Deliverables
List of both false positive and potentially real issues posted to the FFMPEG dev mailing list.
3. Compensation
XXXXX euros
2. Milestone 2
1. Description
Fix 50% of the outstanding real issues
2. Deliverables
Patches submitted for review to the FFMPEG dev mailing list.
3. Compensation
XXXXX euros
3. Milestone 3
1. Description
Fix 45% of the remaining outstanding real issues. The total number of issues addressed by Milestones 2 and 3 do not total 100% to account for issues that are not practical to fix within the scope of this SOW and are deferred to future work.
2. Deliverables
Patches submitted for review to the FFMPEG dev mailing list.
3. Compensation
XXXXX euros
4. Developer(s)
Michael Niedermayer <michael-ffwork@niedermayer.cc>
I work in Austria, and have been an active contributor to FFmpeg since 2001 – 22308 commits so far. My work on FFMPEG is regularly supported by third parties and I am one of the founders of fflabs. I am also familiar with Coverity: I have fixed 563 issues out of 896 Coverity issues fixed in the past (according to gitlog *1). I fixed over 2000 issues found by ossfuzz.
(*)
git shortlog -s -n -i --no-merges --first-parent --grep 'fix.*\(CID\|coverity\)'
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next reply other threads:[~2024-02-06 2:06 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-06 2:06 Michael Niedermayer [this message]
2024-02-06 14:18 ` Ronald S. Bultje
2024-02-06 15:04 ` Vittorio Giovara
2024-02-06 15:14 ` Michael Niedermayer
2024-02-06 15:21 ` Ronald S. Bultje
2024-02-06 15:26 ` Michael Niedermayer
2024-02-06 15:41 ` Michael Niedermayer
2024-02-06 16:04 ` Niklas Haas
2024-02-06 17:02 ` Ronald S. Bultje
2024-02-06 18:17 ` Michael Niedermayer
2024-02-06 18:48 ` Paul B Mahol
2024-02-07 12:16 ` Nicolas George
2024-02-07 13:11 ` Rémi Denis-Courmont
2024-02-06 20:53 ` Ronald S. Bultje
2024-02-06 21:23 ` Michael Niedermayer
2024-02-06 21:39 ` Ronald S. Bultje
2024-02-06 23:04 ` Michael Niedermayer
2024-02-07 1:38 ` Ronald S. Bultje
2024-02-07 12:58 ` Michael Niedermayer
2024-02-07 13:08 ` Ronald S. Bultje
2024-02-07 14:44 ` Michael Niedermayer
2024-02-07 17:31 ` Ronald S. Bultje
2024-02-08 4:08 ` Michael Niedermayer
2024-02-07 19:01 ` Leo Izen
2024-02-07 19:53 ` Michael Niedermayer
2024-02-08 12:32 ` Nicolas George
2024-02-08 12:42 ` epirat07
[not found] ` <1C84A3B8-51FD-4E46-8A61-B0A047606152@cosmin.at>
2024-02-07 2:28 ` Cosmin Stejerean via ffmpeg-devel
2024-02-06 18:48 ` Niklas Haas
2024-02-06 15:59 ` Niklas Haas
2024-02-06 14:57 ` Vittorio Giovara
2024-02-06 15:25 ` Michael Niedermayer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240206020642.GW6420@pb2 \
--to=michael@niedermayer.cc \
--cc=ffmpeg-devel@ffmpeg.org \
--cc=jesusalva@spi-inc.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git