The following is a copy of a letter I sent to Coverity today.
I am the author and maintainer of OpenPAM, which was recently promoted to Rung 2 in Coverity’s Open Source scan.
OpenPAM was included in your scans in April 2006, at my request, after a NetBSD developer had contacted me and suggested that the NetBSD scans had revealed numerous bugs in OpenPAM. I later learned that this was in fact not true. On the other hand, NetBSD’s CVS history for OpenPAM shows a number of changes prompted by lint(1) warnings, most of which were (from my recollection) either false positives or a result of NetBSD’s own modifications.
However, I was not aware that Coverity was still tracking OpenPAM, as the last time I tried to log in using the URL, user name and password I had been provided, the site seemed to have been taken down. Besides, OpenPAM has been dormant for a couple of years, until the release of OpenPAM Hydrangea last December.
While it is flattering to see my project mentioned in the computer press as a “major Open Source project” and—effectively—one of the eleven least buggy, it would have been nice to have been notified directly by Coverity instead of finding out from a press release.
That being said, I am immensely grateful for the service Coverity provides to the Open Source community in general, and to FreeBSD and OpenPAM in particular.
2 thoughts on “Coverity scans of OpenPAM”
Glad you didn’t need action from them or anything. I’ve been trying to raise an email response from them for the last two years or so about getting X.Org tested again. We’re still listed on their page, despite that.