[FFmpeg-devel] STF SoWs

Michael Niedermayer michael at niedermayer.cc
Tue Feb 6 04:06:42 EET 2024


Hi all

As Jonatan reminded the ML, we need to provide SoWs if we want to
participate in STF-SPI.

We need one for each project (they do not need to list a person ATM),
but obviously we do need someone who will do the work.

I do believe they do need to list the money amount.
Thanks go to Pierre for helping me write the template/example.
(converted from Google Docs and with some last minute edits)

@Jonatan, is this below what SPI needs for each project?

STF SOW template


1. One line summary of the proposed work
Classify and fix outstanding issues identified by Coverity


2. Description of the work
Coverity is a static code analysis system that is used to analyze FFmpeg code to find bugs with an emphasis on quality and security issues. There are currently 677 outstanding issues identified by Coverity (https://scan.coverity.com/projects/ffmpeg?tab=overview). Some of these issues are false positives while others could open the door to security vulnerabilities.

The objective of this work is to identify the Coverity issues that are not false positives, and fix as many as possible.


3. Milestones
   1. Milestone 1
      1. Description
Review all outstanding Coverity issues and, for each one, determine whether it is a false positive.
      2. Deliverables
List of both false positive and potentially real issues posted to the FFMPEG dev mailing list.
      3. Compensation
XXXXX euros

   2. Milestone 2
      1. Description
Fix 50% of the outstanding real issues
      2. Deliverables
Patches submitted for review to the FFMPEG dev mailing list.
      3. Compensation
XXXXX euros

   3. Milestone 3
      1. Description
Fix 45% of the remaining outstanding real issues. The total number of issues addressed by Milestones 2 and 3 does not add up to 100%, to account for issues that are not practical to fix within the scope of this SOW and are deferred to future work.
      2. Deliverables
Patches submitted for review to the FFMPEG dev mailing list.
      3. Compensation
XXXXX euros


4. Developer(s)
Michael Niedermayer <michael-ffwork at niedermayer.cc>
I work in Austria, and have been an active contributor to FFmpeg since 2001 – 22308 commits so far. My work on FFmpeg is regularly supported by third parties and I am one of the founders of fflabs. I am also familiar with Coverity: I have fixed 563 issues out of 896 Coverity issues fixed in the past (according to git log, *1). I fixed over 2000 issues found by ossfuzz.

(*1)
git shortlog -s -n -i --no-merges --first-parent --grep 'fix.*\(CID\|coverity\)'

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even know they had done so. -- Xenophanes