[offtopic] Coverity . . .

Frans Englich frans.englich at telia.com
Wed Apr 19 19:49:16 BST 2006


On Wednesday 19 April 2006 18:18, Kuba Ober wrote:
> > I wouldn't worry about how Coverity decides to market and expose their
> > product, unless it affects KDE.
> >
> > That's how I see it.
>
> Sure. I just think that while what they are doing with analysis and all
> might be perceived as "mostly good thing", there's a little spin to it.
> Just wanted to keep it in a fair perspective.

The first time I found out Coverity scanned a couple of dozen open source
projects I asked myself why they did it. It of course didn't take a long time to
realize it's a question of publicity/marketing.

As I see it, many involvements in and economic models concerning open
source are built around publicity.

> BTW, it does affect KDE since they indirectly use KDE as their marketing
> tool (see e.g. scan.coverity.com). The mentioned page is a page of "pure
> facts", sure, but just like media use facts to spin things their way, so do
> most other marketing campaigns. Coverity is no exception here.
>
> Heck, they actually end up posting security holes as their news releases
> (say the X.org privilege escalation hole). One could bet that in a few
> months KDE might end up in one of their PR releases. Those are pure
> marketing devices, no one would bother with them otherwise.
>
> Besides, they are not even doing it for free. There's a contract with DHS
> involved, so one supposes they got decently paid for their efforts.
>
> So what this all boils down to is that not only OSS projects like KDE end
> up being indirectly used by Coverity as marketing devices, Coverity got
> *paid* for all that.

Sure, I agree KDE is getting "used" by Coverity, but I'd say just as much as 
KDE is being used by Trolltech, or how Apache is used by IBM when it does its 
code donations. Coverity is getting used by KDE -- improved code.

> I'm leaving aside the question of why DHS (thus U.S. taxpayers) are in
> effect paying for Coverity's marketing.
>
> If someone still insists this doesn't affect KDE, then I don't know what
> does. The next step would be MS re-posting Coverity's PR to give a positive
> spin on the "security" of Windows . . .
>
> Is there a better kde mailing list to move this thread to?

Of course, investigating and keeping a sharp eye on topics like this is always 
important.

I personally see no negative impact of Coverity's involvement with KDE and am
very happy for it. I will with interest read this thread.


Cheers,

		Frans




More information about the kde-core-devel mailing list