lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 6 Jul 2021 18:54:16 +0200
From:   Kroah-Hartman <greg@...ah.com>
To:     Norbert Manthey <nmanthey@...zon.de>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        "Woodhouse, David" <dwmw@...zon.co.uk>,
        "foersleo@...zon.de" <foersleo@...zon.de>,
        Gustavo Pimentel <gustavo.pimentel@...opsys.com>,
        "Gustavo A. R. Silva" <garsilva@...eddedor.com>,
        Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: Coverity Scan model file, license, public access

On Tue, Jul 06, 2021 at 09:45:47AM +0200, Norbert Manthey wrote:
> Dear all,
> 
> I would like to work with code analysis on the Linux kernel. The
> currently used Coverity setup already uses a model file [1] to improve
> the precision of the analysis. To the best of my knowledge, this model
> file is currently not publicly accessible. I did not find a license
> attached to  [1], nor any information about licensing.

I have no idea who wrote that thing, sorry.

> To improve the way Coverity is used, I would like to move this model
> file into a public repository, and add a license. I wonder whom else I
> should involve into this process. Is there a recommended place for the
> location of the license? I assume the targeted license should be GPL,
> and would like to understand whether that works with the way this file
> is currently maintained.

How is adding this file anywhere going to help?  Coverity is a closed
source tool that a few of us are "lucky" to be able to use, and even
then, it's tightly restricted what we can do with it.  The only real
users that this could benefit is anyone who is paying for the tool, and
if they are doing that, they are not allowed to share the results of the
output with anyone else (as per the license of the tool).  So unless you
are going to be doing this work on your own, with a paid copy of the
tool, who will use it?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ