[Fedora-infrastructure-list] coverity code checker in Extras

[Max Spevack]

The folks over at Coverity have offered to allow Fedora Extras to use 
their services, and would like a yes or no.  Rather than make this 
decision in a vacuum, I believe that the Fedora Extras Steering Committee 
has earned the right to make this decision for themselves.

If we can get a decision by the end of the week, that would be great.

What follows is my own analysis, for whatever it's worth.

PROS

+ It's good technology, and has been used in Linux projects previously 
with success.  Google "coverity linux" or something similar.

+ If we act on the results, it could be a great boon for the FE code 
quality in general.

+ It doesn't cost us anything.

+ It forms a relationship between Coverity and Red Hat, and sets the table 
for more work partnership later, if things go well.

+ Bugs are bugs, and flaws are flaws.  We should be happy to know about 
them, however they are found, and we should fix them.

CONS

+ It's not open source, but there is no free alternative that can do the 
same thing.

+ We need to make sure it doesn't disrupt or break our build system too 
much.  So that will require some technical work and time from certain 
folks.

My gut is that we should say that we're interested, and start hashing out 
the technical details of how it will all work with them.

If we go ahead, I think that in addition to the Board, someone in FESCO 
needs to "own" this and be our point person for technical questions, etc.

Thanks,
Max

-- 
Max Spevack
+ http://fedoraproject.org/wiki/MaxSpevack
+ gpg key -- http://spevack.org/max.asc
+ fingerprint -- CD52 5E72 369B B00D 9E9A 773E 2FDB CB46 5A17 CF21