On Jan 11, 2008, at 3:20 PM, Graham Bloice wrote:
I see that Coverity has announced 11 apps that have made it to rung2.
Some of them have worse Coverity scan defect rates than Wireshark. Is
there a reason why Wireshark hasn't moved up to rung 2?
To quote the announcement of Rung 2 at
http://scan.coverity.com/
"Eleven dilligent projects which had resolved all of the defects
identified at Rung 1 are the first projects to be upgraded to Rung 2.
Those projects are Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP,
Postfix, Python, Samba, and TCL"
That seems to suggest that we have to resolve all the outstanding
defects in our current report to get upgraded. The last run for us
was 2007 Oct 30; I've resolved a couple of issues there, but there are
still some outstanding. (Some of them are problems with generated ASN.
1 dissectors; unfortunately, they don't cope well with problems in
code from the packet-XXX-template.c files, making it hard to figure
out where the problem is.)