OpenBMC community telecon - 11/20 Agenda
ed.tanous at intel.com
Tue Nov 21 12:04:54 AEDT 2017
> A minimal starting point would be to run every code repository through
> Coverity Scan. Setting this up with travs-ci isn't too hard (we do it for parts of
> host firmware today).
> Efforts to limit the damage could also be good, like strict SELinux policy. After
> all, much of the current design would work quite well for that.
I meant more along the lines of "would the community be ok with this" more than "is it technically possible". I think the tooling story has come a long ways in the last few years, especially for open source tools, but I know any attempt to limit what's allowed tends to lead to controversy, so I wanted to see where we all stand.
More information about the openbmc