From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 231024921D for ; Tue, 6 Feb 2024 02:06:53 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1C56968D0D2; Tue, 6 Feb 2024 04:06:50 +0200 (EET) Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D010568CD10 for ; Tue, 6 Feb 2024 04:06:43 +0200 (EET) Received: by mail.gandi.net (Postfix) with ESMTPSA id D6FB740003; Tue, 6 Feb 2024 02:06:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1707185203; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=recIjhxgHL+eWJ4chp3+B0QE2qma9PrI8fiBdLJn/xM=; b=KEGvBIeIIpYK8M6JDnYivTNj4dC7PXDvhWSNdJHYaBmuaIiUIiMoIKXpRTItgwi1e3uCj7 MpsQLUx0wLBSUt8iZfxUxQNKSUbNPjoq96Z9uzAioccNgO7inPe4yJHfX4OOLeo/o7UQaX LnRNlracBRZLPxprAx74yF279y8lXqzKumVOhXV489iC7x+nXqE/Ocv5RM/OM4O9Pzylab gkyIa8wa7p3y9yvyDsnEgWX+QRtcBpF5x+5wdueARN1/WLq5FHbGb6VOwyGEkNk0203XuI Z/XNQtem418y6Q/UfXzAi5JE45x5EP7ZpAUkefuzZWNDdTp8FIN73xpQS7fpHQ== Date: Tue, 6 Feb 2024 03:06:42 +0100 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20240206020642.GW6420@pb2> MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] STF SoWs X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: "Jonatas L. Nogueira" Content-Type: multipart/mixed; boundary="===============2769023599805561798==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============2769023599805561798== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="PKDTSFLzMW7rRxhH" Content-Disposition: inline --PKDTSFLzMW7rRxhH Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi all As Jonatan reminded the ML we need to provide SoWs if we want to participate in STF-SPI We need one for each project (they do not need to list a person ATM) but obviously we do need someone who will do the work I do belive they do need to list the money amount. Thanks go to Pierre for helping me write template/example. (converted from google docs and with some last minute edits) @Jonatan, is this below what SPI needs for each project ? STF SOW template 1. One line summary of the proposed work Classify and fix outstanding issues identified by Coverity 2. Description of the work Coverity is a static code analysis system that is used to analyze FFmpeg co= de to find bugs with an emphasis on quality and security issues. There are = currently 677 outstanding issues identified by Coverity (https://scan.cover= ity.com/projects/ffmpeg?tab=3Doverview). Some of these issues are false pos= itives while others could open the door to security vulnerabilities. The objective of this work is to identify the Coverity issues that are not = false positives, and fix as many as possible. 3. Milestones 1. Milestone 1 1. Description Review all outstanding Coverity issues and, for each one, determine whether= it is a false positive. 2. Deliverables List of both false positive and potentially real issues posted to the FFMPE= G dev mailing list. 3. Compensation XXXXX euros 2. Milestone 2 1. Description Fix 50% of the outstanding real issues 2. Deliverables Patches submitted for review to the FFMPEG dev mailing list. 3. Compensation XXXXX euros 3. Milestone 3 1. Description Fix 45% of the remaining outstanding real issues. The total number of issue= s addressed by Milestones 2 and 3 do not total 100% to account for issues t= hat are not practical to fix within the scope of this SOW and are deferred = to future work. 2. Deliverables Patches submitted for review to the FFMPEG dev mailing list. 3. Compensation XXXXX euros 4. Developer(s) Michael Niedermayer I work in Austria, and have been an active contributor to FFmpeg since 2001= =E2=80=93 22308 commits so far. My work on FFMPEG is regularly supported b= y third parties and I am one of the founders of fflabs. I am also familiar = with Coverity: I have fixed 563 issues out of 896 Coverity issues fixed in = the past (according to gitlog *1). I fixed over 2000 issues found by ossfuz= z. (*) git shortlog -s -n -i --no-merges --first-parent --grep 'fix.*\(CID\|cover= ity\)' --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB No human being will ever know the Truth, for even if they happen to say it by chance, they would not even known they had done so. -- Xenophanes --PKDTSFLzMW7rRxhH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZcGULgAKCRBhHseHBAsP qzlfAJ0beZeM+vvTSMsNI4x0KnhjEMgPjwCfbQ3lNc3Ylf/nHrPrCptrPD66Vik= =acIT -----END PGP SIGNATURE----- --PKDTSFLzMW7rRxhH-- --===============2769023599805561798== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============2769023599805561798==--