saso wrote:Or are you maybe warming up to fix all 237 Unchecked dynamic_cast issues at once?
Well, I've done about a dozen this evening between other things
Do you think the CIDs are going to persist when/if we get a FreeCAD Coverity account? I'm assuming this one is just yours for experimenting, so if people like it we'll end up with a general FreeCAD Coverity account?
True, it is a good question and I did look a bit around on this topic in the past...
First thing to note is that Coverity, from its workflow, is not similar to for example Travis or AppVeyor, it is not really connected to github (or other repo) and is not doing any automatic building or monitoring of the code changes by itself. It is set up at the moment under my account because I had to made an account to start with it and because I have tried to set it up with my Travis, this would make the uploading of new builds to Coverity a bit more automatic and easier, but unfortunately after first few successful builds it is now simply to slow (goes over my 90 min limit on Travis) so I am now doing it manually (in an VM to keep it clean and pulling directly from FC master). So Coverity is just this database that we login to, and I have seen with other projects, that it should be possible to just transfer the ownership of it and keep everything as it is including all the history... But I have not yet asked the Coverity support about it, so I am not 100% sure.
Second, and I am also not sure about this one
, it does seem as if Coverity is tracking this issues globally, by file or function (?), because if you browse a bit around our project you will find some comments from folks that are not part of our project and they are on issues that are from 3rd party libs, so someone else that is using the same libs (or the original authors) also seems to have used Coverity and now we can see their triage. So like a global action to both automatically and manually review and fix all of the open source code?
But this is just an observation from my side, I am not really sure about it and don't know what would happen with our current CIDs if we start another FreeCAD project on Coverity.
The general idea with Coverity however is that there should be just one project and people join to work on it together. Another thing to understand with Coverity is that originally it was created mostly for security reasons and it is why it is by default set up so that it is quite restricted to who has access to it and how much access someone has. This is somewhat less critical for a project like FreeCAD, but for example imagine if a critical vulnerability is found by it in a project like Python or LibreOffice. I have open it up now a bit more in hope that it could get a bit more used and useful for us but the general restrictions remain.
I don't code a lot, so most of the issues go over my head, but I am willing to help with creating new builds and manage it if it can be useful and I am also ok to transfer the ownership at any time