I am Pravin Chaudhary and I will be working on the project Centralized
I am really excited to be a part of the Summer of Code and look forward to
interacting and working with all the community members. I love the
GNU/Linux ecosystem in general and Fedora is the crown prince of this
kingdom in my opinion. I am pumped to have an opportunity to help dress the
Prince and help him look sharper.
Please find my proposal here - https://fedoraproject.org/
I’m Mandy, my FAS is mandymy, I’m a GSoC student in fedora this round.
I’m going to coding for the project “Migrate Plinth to Fedora Server”.
Plinth is a web interface to administer the functions of the FreedomBox
which is a Debian based project, and the main goal of this idea is to
make it available for Fedora. You can learn more in my application wiki:
I have communicated with my mentor about the details of our project
these days, and as a newcomer to Fedora, I will appreciate your guidance!
Above all, very happy to join fedora’s family and looking forward to
On Mon, May 15, 2017 at 11:05:43PM +0200, Dridi Boukelmoune wrote:
> > The main ideia is to monitor repositories, and when a new package or
> > a new version of an existent package is released, we download the package source code,
> > and run several static analyzers on it. Each monitored distribution will be a kiskadee
> > plugin, that implements an interface that we will define. The result of these
> > analyses, which is parsed using the Fedora Firehose project, will be
> > stored in a relational database (this idea has been discussed a while ago in the
> > devel mailing lists, by the guys in the Static Analysis SIG ). With this
> > database several analyses can be made, and by using several static analyzers we
> > want to find heuristics to identify false positives (this is not part of GSoC
> > though).
> Having myself recently found a bug in zlib thanks to static analysis I
> was a bit surprised that such a critical library wouldn't get more
> "static" eyes on it.
> > A similar tool exists in the Debian distribution, but it is way
> > dependent on their infrastructure, and one of our objetives is to keep kiskadee
> > simple, and extensible.
> Naive question, but wouldn't it be interesting to piggyback on
> release-monitoring.org and fedmsg for the monitoring part? And start
> static analysis when notified of new upstream releases?
That is a great idea which we haven't considered yet. We will definitely
consider doing so (the idea is to have an extensible tool which we could
point to different software repositories). Thank you for the input!
I Cc'd the summer-coding mailing list here :)