[Geany-Devel] using Coverity to audit the code base

Colomban Wendling lists.ban at xxxxx
Thu Feb 26 18:18:55 UTC 2015


Le 12/02/2015 22:21, Liviu Andronic a écrit :
> Dear all,
> Recently I've discovered Coverity, a code checking tool, and went
> ahead and submitted the Geany code for static analysis by this
> service:
> https://scan.coverity.com/projects/1388

Quoting Coverity's Scan User Agreement:

"You will not publish any findings regarding or resulting from use of
the Service or the Software;"

IANAL, but this looks like we couldn't discuss an issue it found on e.g.
this mailing list.  And your report about what it did find in Geany's
code is already a violation of that agreement.

More, just for the fun:

"“Confidential Information” means: […] (d) any results of operation from
use of the Software or the Service;"

"Without limiting the generality of the foregoing, You agree that You
will not post […] the results of the Service […] on any network that is
accessible by anyone."

And this is the Scan User Agreement, I couldn't even find the Scan Terms
of Use (at least not without trying to actually register myself).

So… really?


PS: Of course one will tell me that "in practice" they won't come after
us for discussing a fix, but if it really is against the UA I'd rather
not try and see what happens.

More information about the Devel mailing list