[Privoxy-devel] 0006-enable-lots-of-diagnostics
Lee
ler762 at protonmail.com
Fri Sep 8 20:18:21 CEST 2023
On Wednesday, September 6th, 2023 at 9:51 AM, Fabian Keil wrote:
> Lee wrote on 2023-09-05 at 19:45:16:
<.. snip lots..>
> > I'd say that the knowledge level one needs to select compiler flags
> > is way less than the knowledge level one needs to do a decent code
> > audit. And a code audit applies only to the one bit of code being
> > audited; selecting better compiler flags applies to all the software
> > that is compiled with those flags. So I can see why a group of unpaid
> > volunteers would spend their time on "compiler flags" even if they don't
> > catch all that much. .. something, something about collecting low-hanging
> > fruit. Code audits are hard.
>
>
> Agreed.
>
> > So it seems a lot easier to justify spending some time picking
> > compiler flags than doing a code audit. Which leads to things
> > like cppCheck or .. who was it that offered to do free automated
> > code audits on open-source code?
>
>
> Coverity used to allow "us" to run their proprietary scanner over
> the Privoxy code but I just checked and the DNS name for the
> web interface [0] no longer resolves to an IP address and
> the website [1] redirects to another one [2] ...
That's too bad. Did you get anything useful out of Coverity?
I have a vague memory of a bug report where the user said they found the bug using cppCheck. The version in cygwin is ancient; I just tried the current version of cppcheck and it died with a Segmentation fault :( Maybe it's the way I built it? *sigh* My ability to look at a crash dump and figure out what went wrong went away with the mainframes decades ago.
Lee