What to do with triaged Coverity complaints about makefs ?

[Alan Somers]

On Thu, Oct 8, 2015 at 3:49 AM, Thomas Schmitt <scdbackup at gmx.net> wrote:
> Hi,
>
> i now get to see the makefs complaints of Coverity.
> (The trick was to try logging out, which failed, but then produced
>  the list of complaints and made the GUI willing to show details.)
>
> Many complaints are about the FFS aspect of makefs, of which i
> have no clue.
> Some more are about /usr.sbin/makefs/cd9660/cd9660_debug.c,
> of which i do not really understand the purpose.
> So i mainly cared for bugs related to ISO 9660 production.
>
> Two ISO 9660 related complaints are easy to understand, but
> i currently lack the makefs background to decide how to
> react on the miserable failure to write to disk.
>
> Meanwhile i got 9 diagnoses with remedy proposals (if real bug)
> and 2 diagnoses without proposals.
>
>
> Now what to do with my findings ?
>
> File 6 PRs for 974635+974636, 976312, 977470, 978431, 1008927,
> 1305659 ?
>
> Fill out the Coverity "Triage" window at the right side of the
> GUI ? (Am i entitled to do more than reading there ?)

Filling out the Coverity triage info is good.  Filing PRs is better.
Doing both is better yet.  But ultimately, the next step forward is to
attract the attention of a developer who can review and commit your
patches.  Checking "svn log"  for recent committers to that directory
is a good idea, but you should probably exclude people who've only
committed makefile and man page changes.  In this case, marius,
davide, and jmg look like good candidates.

After your patches are committed, coverity will update the issues
automatically on its next scan.  It currently scans once every 2 or 3
weeks.

-Alan