Coverity scans of OpenPAM

The following is a copy of a letter I sent to Coverity today.

I am the author and maintainer of OpenPAM, which was recently promoted to Rung 2 in Coverity’s Open Source scan.

OpenPAM was included in your scans in April 2006, at my request, after a NetBSD developer had contacted me and suggested that the NetBSD scans had revealed numerous bugs in OpenPAM. I later learned that this was in fact not true. On the other hand, NetBSD’s CVS history for OpenPAM shows a number of changes prompted by lint(1) warnings, most of which were (from my recollection) either false positives or a result of NetBSD’s own modifications.

However, I was not aware that Coverity was still tracking OpenPAM, as the last time I tried to log in using the URL, user name and password I had been provided, the site seemed to have been taken down. Besides, OpenPAM has been dormant for a couple of years, until the release of OpenPAM Hydrangea last December.

While it is flattering to see my project mentioned in the computer press as a “major Open Source project” and—effectively—one of the eleven least buggy, it would have been nice to have been notified directly by Coverity instead of finding out from a press release.

That being said, I am immensely grateful for the service Coverity provides to the Open Source community in general, and to FreeBSD and OpenPAM in particular.