[offtopic] Coverity . . .
kuba at mareimbrium.org
Wed Apr 19 19:18:36 BST 2006
> I wouldn't worry about how Coverity decides to market and expose their
> product, unless it affects KDE.
> That's how I see it.

Sure. I just think that while what they are doing with analysis and all might
be perceived as "mostly good thing", there's a little spin to it. Just wanted
to keep it in a fair perspective.

BTW, it does affect KDE since they indirectly use KDE as their marketing tool
(see e.g. scan.coverity.com). The mentioned page is a page of "pure facts",
sure, but just like media use facts to spin things their way, so do most
other marketing campaigns. Coverity is no exception here.

Heck, they actually end up posting security holes as their news releases (say
the X.org privilege escalation hole). One could bet that in a few months KDE
might end up in one of their PR releases. Those are pure marketing devices,
no one would bother with them otherwise.

Besides, they are not even doing it for free. There's a contract with DHS
involved, so one supposes they got decently paid for their efforts.

So what this all boils down to is that not only OSS projects like KDE end up
being indirectly used by Coverity as marketing devices, Coverity got *paid*
for all that. I'm leaving aside the question of why DHS (thus U.S. taxpayers)
are in effect paying for Coverity's marketing.

If someone still insists this doesn't affect KDE, then I don't know what does.

The next step would be MS re-posting Coverity's PR to give a positive spin on
the "security" of Windows . . .

Is there a better kde mailing list to move this thread to?
More information about the kde-core-devel