Hello,

I'm sometimes working through the issues Coverity scan reported, and I come across a lot of issues that I consider false positives. I however am not 100% comfortable marking them as such, just in case I am wrong...

What's the policy on that? Are those getting reviewed by other devs? Should I just mark them as false positives if I think they are?

Regards,
Fabian Maurer

On Mon, Dec 12, 2022 at 2:56 PM Fabian Maurer <dark.shadow4(a)web.de> wrote:
> I'm sometimes working through the issues Coverity scan reported, and I come across a lot of issues that I consider false positives. I however am not 100% comfortable marking them as such, just in case I am wrong...
>
> What's the policy on that? Are those getting reviewed by other devs? Should I just mark them as false positives if I think they are?

In my opinion, if you are reasonably confident that a "defect" is a false positive then it is helpful to mark it as a false positive. Other developers can change it back if you make a mistake, and Coverity keeps a "triage history" of these changes so that it is clear if there has been a disagreement.

While we're on the subject, it would be very helpful to split defects found in the "libs" directory into a separate Coverity component, similar to how we split the tests into a separate component.

-Alex