Le Thu, 4 Apr 2013 06:57:14 +0200,
Charles-François Natali <cf.natali@gmail.com> a écrit :
> > Are you planning to cover the code quality of the interpreter itself
> > too? I've been recently reading through the cert.org secure coding
> > practice recommendations and was wondering if there has is any
> > ongoing effort to perform static analysis on the cpython codebase.
>
> AFAICT CPython already benefits from Coverity scans (I guess the
> Python-security guys receive those notifications). Note that this only
> covers the C codebase.

Correction: the security@ address doesn't receive any coverity
notifications. Perhaps someone checks the (private) coverity builds from
time to time, but I don't think there's anything automatic.

Christian Heimes has a daily build set up and checks the results periodically. ">

(original) (raw)




On Thu, Apr 4, 2013 at 10:42 AM, Antoine Pitrou <solipsis@pitrou.net> wrote:
Le Thu, 4 Apr 2013 06:57:14 +0200,
Charles-François Natali <cf.natali@gmail.com> a écrit :
> > Are you planning to cover the code quality of the interpreter itself
\> > too? I've been recently reading through the cert.org secure coding
\> > practice recommendations and was wondering if there has is any
\> > ongoing effort to perform static analysis on the cpython codebase.
\>
\> AFAICT CPython already benefits from Coverity scans (I guess the
\> Python-security guys receive those notifications). Note that this only
\> covers the C codebase.

Correction: the security@ address doesn't receive any coverity
notifications. Perhaps someone checks the (private) coverity builds from
time to time, but I don't think there's anything automatic.

Christian Heimes has a daily build set up and checks the results periodically.