https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-03-31&feed=atom&action=history
Release Meeting Minutes/2008-03-31 - Revision history
2024-03-29T11:23:40Z
Revision history for this page on the wiki
MediaWiki 1.27.4
https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-03-31&diff=3750&oldid=prev
TomYu at 21:38, 10 January 2011
2011-01-10T21:38:04Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 21:38, 10 January 2011</td>
</tr><tr>
<td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td>
</tr>
<tr>
<td colspan="2" class="diff-empty"> </td>
<td class="diff-marker">+</td>
<td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>{{minutes|2008}}</div></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Minutes of weekly release meeting for 2008-03-31:'''</div></td>
<td class="diff-marker"> </td>
<td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Minutes of weekly release meeting for 2008-03-31:'''</div></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td>
<td class="diff-marker"> </td>
<td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
</table>TomYu
https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2008-03-31&diff=275&oldid=prev
Lxs: New page: '''Minutes of weekly release meeting for 2008-03-31:''' Sam: Last meeting for me. Next week Kerberos Consortium. Might be present on the 14th but not running meeting. Tom: Not sure av...
2008-03-31T20:47:25Z
<p><b>New page</b></p><div>'''Minutes of weekly release meeting for 2008-03-31:'''<br />
<br />
<br />
Sam: Last meeting for me. Next week Kerberos Consortium. Might be present on the 14th but not running meeting.<br />
<br />
Tom: Not sure available to call in next week.<br />
<br />
Sam: Board meeting overlaps with this call so no call.<br />
<br />
Sam: Ken working on coding practices and auditing. Want to discuss auditing with board. Code review cost prohibitive. Looking at static analysis tools. Looking at Coverity and Solaris Lint. <br />
<br />
Sam: Want integrated into processes, periodic runs, fix problems identified. Project management: process for getting to this. Technical: handling false positives. Adopt idioms that reduce false positives. Not a total solution.<br />
<br />
Ken: Confused about the difference between while(1) and for(;;). Thinks while(1) can exit through the bottom of the loop.<br />
<br />
Sam: Can't make Solaris Lint and gcc happy because they warn about different things. Platform specific issues. How do we want to handle this?<br />
<br />
Will: Ken, did you look at the gcc compiler warnings?<br />
<br />
Sam: Looked at those too but Solaris Lint, gcc and Coverity all find different problems so more tools does produce increased coverage. More tools also produce more false positives.<br />
<br />
Kevin: Pick 2 tools that provide the best coverage?<br />
<br />
Ken: Not reviewed all tools. Currently only looked at Coverity and Solaris Lint in depth.<br />
<br />
Will: Under the impression that some version of our lint has security analysis options that might help you. Will look into it. Might be internal only though.<br />
<br />
Ken: Using the lint that comes with the compiler (Sun Studio 12). Also lint binary in Solaris release but that's the UCB one.<br />
<br />
Will: Will look at tools.<br />
<br />
Ken: Are you interested in the bugs we've found in lint? (false positives, etc)<br />
<br />
Will: If they can be batched up then we would find them useful. <br />
<br />
Sam: We will report them through the normal channels and also batch them up for you. <br />
<br />
Sam: How do we want to build these tools into our build system?<br />
<br />
Ken: Coverity side looks fairly easy to automate. Can track bugs from one run to the next. Can mark false positives to be ignored. Runs as part of the build system.<br />
<br />
Ken: Lint is a little more difficult because every compile needs to be modified to include lint options. Pulling all the data from each file is a little tricky. make lint target using the same files list as make depend.<br />
<br />
Sam: make rule that runs our normal build but changes the value of cc_link to include lint options.<br />
<br />
Ken: Would need to special case object files. Wouldn't be any easier than adding additional targets.<br />
<br />
Sam: Makefiles should only have one list of source files for each target. Should fix at the same time.<br />
<br />
Sam: What about false positives on lint?<br />
<br />
Ken: Has a mechanism using comments. Haven't verified it works. Suppressing warnings in macros harder because comments get stripped before macro expansion.<br />
<br />
Tom: Splint annotations were too much work. Need to make sure we make fewer modifications for lint.<br />
<br />
Ken: Need to look more at how to do suppressions to be sure we can handle this correctly.<br />
<br />
Will: Might have annotations facility. Will investigate.<br />
<br />
Sam: How do we get to a proposal?<br />
<br />
Tom: Which tools do we use?<br />
<br />
Sam: Should commit to using Coverity. Use open source version.<br />
<br />
Ken: Issue that people can sniff the analysis over the network if we use the open source version. <br />
<br />
Kevin: Can bittorrent Coverity anyway so a hacker can just use a stolen copy and get the analysis themselves. <br />
<br />
Ken: Might be helpful to pick a directory and try to make them lint-clean as a demo.<br />
<br />
Sam: Get me a proposal by the 14th on how to do that.<br />
<br />
Will: Fundamental questions: Which tools and handling output (protected?). Process of how tools are going to be used (on commit, nightly, etc)?<br />
<br />
Sam: Want to see all that in Ken's report.<br />
<br />
Sam: Do we have any other status updates?<br />
<br />
Will: Updated the wiki. Added some documentation.<br />
<br />
Will: Saw mention of a common credentials cache. What is meant by that?<br />
<br />
Sam: Willis and Paul Armstrong believe we should have a common credential cache. Ball is in their court to elaborate on why and what they wanted. They have a slot to present at the board meeting.<br />
<br />
Tom: Had something to do with a cluster environment or something like that. Computing nodes that need to all talk to the same credentials cache.</div>Lxs