On Sun, Jun 09, 2024 at 12:49:57AM +0200, Timo Rothenpieler wrote: > On 08.06.2024 21:49, Vittorio Giovara wrote: > > On Sat, Jun 8, 2024 at 6:02 PM Michael Niedermayer > > wrote: > > > > > On Tue, May 14, 2024 at 01:38:16AM +0200, Michael Niedermayer wrote: > > > > Hi all > > > > > > > > To keep people updated (and as this is not vissible on the ML) > > > > heres my current list of issues marked as false positives / intentional > > > in Mai & April 2024 > > > > (in case anyone wants to review, i presume noone wants but just in case) > > > > > > updated list as of today: > > > [...] > > > > > Given the insane amount of them, I'm not a fan of that. also what i noticed since i work on the issues sometimes some issues dissappear and others appear (with no explanation and seemingly no related changes). Some issues contain multiple occurances, ive seen a very small number of issues where line numbers are missing. And one that pointed to a file outside FFmpeg. Mapping CIDs to some other tracker in a long term stable manner would likely be a painfull experience. Also the coverity web app shows more or less details about the detected issue within the source of FFmpeg in an interactive way. That of course would also change as the source changes over time, so it would not be available in another issue tracker that means the duplicated issues would still require one to go to coverity if one wanted to work on it. And last but not least coverity isnt intended to be public because it can find security issues. security issues should be public once they are fixed and maybe when someone is working on them. But not when the issues are ignored amongth hundreads of minor and false positive ones for years So, yes i share your sceptisism about making coverity issues appear in some other issue tracker thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB It is a danger to trust the dream we wish for rather than the science we have, -- Dr. Kenneth Brown