From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 3B2B94B625 for ; Sun, 9 Jun 2024 22:02:38 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9FBE668D6B1; Mon, 10 Jun 2024 01:02:35 +0300 (EEST) Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net [217.70.183.198]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1E26068D3E9 for ; Mon, 10 Jun 2024 01:02:28 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id 31673C0002 for ; Sun, 9 Jun 2024 22:02:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1717970548; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cW4aG+mJEBq1UAeYkQmgBz4e/YKZ9YcJ3d5GuOHh//w=; b=RgJwhV+te7Wm2AbBVKzIxb3BpdcQlkNricjgXzmF4HIyu1GPeXDWkr1JZk2UJf9q7dKwDp lDdtfta083Bj9c6IzT0yad3q+Yvh4OAMnFsQuUsCUe9yMQJI8GKk76qABk75eiKVqIwduJ eXWdZJ/VbYvlku0J4cJmoVCYpc2zBgBvp64vf6fL6P/weeRP5U68CB6wVLoYzj9lJ4ceU5 lJQP4YRkcxO0AW5X9MBDBchnjUOxwP6O5SRZDpHOQojwYgW7nxStvjCFRWYsupyaF/pVUp dznDzKA3YtTSjG1QrTOo+CJcwtLokjopBElGf5u3uJgFMVwpBvTF1liREFEB5Q== Date: Mon, 10 Jun 2024 00:02:27 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20240609220227.GY2821752@pb2> References: <20240513233816.GL6420@pb2> <20240608160143.GW2821752@pb2> MIME-Version: 1.0 In-Reply-To: X-GND-Sasl: michael@niedermayer.cc Subject: Re: [FFmpeg-devel] [WIP] False positives on Coverity X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============6949672316967277120==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============6949672316967277120== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4aPahFyGg++yPLwE" Content-Disposition: inline --4aPahFyGg++yPLwE Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jun 09, 2024 at 12:49:57AM +0200, Timo Rothenpieler wrote: > On 08.06.2024 21:49, Vittorio Giovara wrote: > > On Sat, Jun 8, 2024 at 6:02=E2=80=AFPM Michael Niedermayer > > wrote: > >=20 > > > On Tue, May 14, 2024 at 01:38:16AM +0200, Michael Niedermayer wrote: > > > > Hi all > > > >=20 > > > > To keep people updated (and as this is not vissible on the ML) > > > > heres my current list of issues marked as false positives / intenti= onal > > > in Mai & April 2024 > > > > (in case anyone wants to review, i presume noone wants but just in = case) > > >=20 > > > updated list as of today: > > > [...] > > >=20 >=20 > Given the insane amount of them, I'm not a fan of that. also what i noticed since i work on the issues sometimes some issues dissappear and others appear (with no explanation and= seemingly no related changes). Some issues contain multiple occurances, ive seen a very small number of issues where line numb= ers are missing. And one that pointed to a file outside FFmpeg. Mapping CIDs to some other tracker in a long term stable manner would likel= y be a painfull experience. Also the coverity web app shows more or less details about the detected issue within the source of FFmpeg in an interactive way. That of course wou= ld also change as the source changes over time, so it would not be available in another issue tra= cker that means the duplicated issues would still require one to go to coverity if one wanted to work on it. And last but not least coverity isnt intended to be public because it can find security issues. security issues should be public once they are fixed and maybe when someone is working on them. But not when the issues are igno= red amongth hundreads of minor and false positive ones for years So, yes i share your sceptisism about making coverity issues appear in some other issue tracker thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB It is a danger to trust the dream we wish for rather than the science we have, -- Dr. Kenneth Brown --4aPahFyGg++yPLwE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZmYmbwAKCRBhHseHBAsP q2rAAJ4jzZBGLfvAr2OiDLeY160M1zPB1ACeLRmBSVGqEovhwGQdo1eHS0zYvYE= =tbGG -----END PGP SIGNATURE----- --4aPahFyGg++yPLwE-- --===============6949672316967277120== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============6949672316967277120==--