On Mon, Dec 12, 2022 at 2:56 PM Fabian Maurer <dark.shadow4(a)web.de> wrote:
> I'm sometimes working through the issues Coverity scan reported, and I come across a
> lot of issues that I consider false positives. I however am not 100% comfortable marking
> them as such, just in case I am wrong...
>
> What's the policy on that? Are those getting reviewed by other devs? Should I just
> mark them as false positives if I think they are?

In my opinion, if you are reasonably confident that a "defect" is a
false positive then it is helpful to mark it as a false positive.
Other developers can change it back if you make a mistake, and
Coverity keeps a "triage history" of these changes so that it is clear
if there has been a disagreement.

While we're on the subject, it would be very helpful to split defects
found in the "libs" directory into a separate Coverity component,
similar to how we split the tests into a separate component.

-Alex