We've started to perform static source code analysis on things we ship in the interest of trying to improve quality. We've been very impressed with the Coverity tools, they do an excellent job of finding problems. Coverity is not open source but they support open source projects by providing access to open source projects to some of their tools (you might consider registering with Covertiy). We have a Coverity license and have been granted permission to share our scan results with our upstream open source projects. We have just completed a scan on version 2.1.12 and I wanted to share the results. They are attached. Not every item flagged by the scan is meaningful, but we've learned by running the scans on our own code quite a bit of what is reported were actually undiscovered problems worth fixing. I recognize the timing would have been better if the scan had been performed prior to the release but we're still in the process of getting Coverity integrated into our tool chain. I wonder if the problems cropping up in 3.0 might be identified by a Coverity scan ... Hope this helps, John -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/