[FFmpeg-devel] coverity testing of FFmpeg

Michael Niedermayer michael at niedermayer.cc
Sun Nov 27 23:52:13 EET 2016

On Sun, Nov 27, 2016 at 11:00:21AM -0800, Philip Langdale wrote:
> Hash: SHA1
> On Sat, 26 Nov 2016 23:55:17 +0100
> Michael Niedermayer <michael at niedermayer.cc> wrote:
> > Hi all
> > 
> > The machine on which the coverity stuff is is old, both hw and OS.
> > the OS will no longer get security updates in a few months and the hw
> > does not always boot and its switched off most of the time.
> > and it has no other use anymore than running coverity. Ive tried
> > to find someone a while ago to take coverity testing over and i
> > thought timothy would maybe do it but he seems to not have had any
> > time to look into it ...
> > and de facto ive not run it regularly in the recent months.
> > So this is kinda a louder announcement that if you care about coverity
> > testing, you need to do something ...
> > 
> > thx
> > 
> > PS: work would involve installing every optional dependancy of FFmpeg
> > (and keep them updated as needed)
> > and regularly either manually or automatically git pull, build with
> > the coverity tools and upload Its not a huge amount of work but it is
> > work
> > 
> Hi Michael,
> I think we could do this using travis-ci.
> https://scan.coverity.com/travis_ci
> travis can be directly connected to the github mirror and then we set
> up a coverity job as covered in this doc.
> It wouldn't even need to be configured to build - just run the coverity
> scan. I'd be happy to investigate this, but I'd need admin permissions
> on github to configure travis integration.

what changes need to be done on github to make this work
if you tell me the settings for the webhook (assumig its one)
i can enable that.

I dont want to give a automated travis_ci system any write or admin
access, some of what i read hinted in that direction, some of what
i read hinted that this was not needed though
giving a automated system write access would be a security issue and
we should not do that

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161127/a5a4724c/attachment.sig>

More information about the ffmpeg-devel mailing list