OSS PING
You might be interested in the following link sent to me by a co-worker today regarding "ESX Server Modified Source" at VMware, considering the discussion we had about this a month or so ago.
I haven't had a chance to look at exactly what it includes closely, especially in light of a page I'd found on their site after much digging that stated the ESX kernel was something of their own making, rather than being a Linux derivative. Perhaps it's just a kernel tuned for running in a VMware container or something. Just thought I'd pass it along.
Almost none of the really interesting, or really dangerous, bugs are caught by it, and while it reports a lot of bugs (kind of a nuisance) few of them are more than mildly interesting.
Unlike 'real' bugs that start with a symptom - such as the system generates an error if such-and-such is done - Coverity bugs start with the specific code complaint, such as this variable doesn't seem to be initialized before use on this code path. This makes Coverity bugs less useful, because one can't see what, if any, impact that alleged bug has on actual system behaviour, and so can't really tell what is the severity of the bug or the impact of the change.
Why is the government spending our tax dollars on this?
Isn't the open source community supposed to be doing this on their own?
You always claim they are. Next you'll be backing Richard Stallman's call for a tax increase to pay for this. If you aren't already.