[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Mantis package bombs



Charles Curley wrote:
>> I only recently started to maintain a few packages so I don't have
>> piles of bug reports to deal with as some maintainers do.
> 
> I have had such piles, although not with Fedora. My advice: learn
> how to triage them, and how to move them along. Do not get behind;
> it will kill you. It's also rude to the reporter.

Very true.  Sometimes reality and other factors step in and keep that
truth from being followed. :)

>> I certainly intend to reply to every bug report that is filed on
>> any of my packages,
> 
> I appreciate that; I hope the good intentions last. As you are a
> volunteer (so I take it), don't take on more than you can chew, and
> leave yourself some slack. That's advice I've been giving volunteers
> and paid employees for damn near half a century now, and its good
> advice.

Indeed it's good advice.  I've volunteered in a few places over the
years and have watched many people join, push hard, burn out, and
disappear.  A lot of people can sprint, few can run marathons.

I'm particularly good at not taking on too much (some would say I'm a
little too good at it ;).

> OK, I've worked as a paid professional on the receiving end of bug
> systems similar to bugzilla. Sorry, but from that experience I'm
> skeptical of the bug zappers. I think it is part of the maintainer's
> job to do that stuff. I'm glad to see it proposed and I hope it
> prospers. The work definitely needs to be done!

I see it as much like a good secretary, who acts as a filter.  That
way the boss only has to deal with the important things without
weeding out duplicate information and other useless info.

> Is there a document anywhere that details what a maintainer should
> expect from bugzilla and reporters, how to go about using the
> system, etc. For example, a document that gives circumstances under
> which one would mark a bug as "will not fix", and steps to take
> prior to doing so. An ops manual, if you will, for bugzilla?

I'm sure there are various pieces of this on the Fedora wiki and in
the mailing list archives.  I don't have any links off the top of my
head.  In bugzilla itself, the various states a bug can be in are
described at https://bugzilla.redhat.com/page.cgi?id=bug_status.html

I've seen discussion about a maintainer responsibility document, but I
don't think anything solid exists yet.

To bring this discussion back to the topic of mantis a bit, I
installed the package last night and got it working (in a little over
the 20-30 minutes that the mantis docs say it should take).  I don't
think that the package is hopelessly broken, but there are a few
things that could definitely be fixed up to provide a better user
experience.  Here are some notes of what I ran into, some of which I
think are what bit you (mostly the Apache Allow/Deny rules):

1) php-mysql missing -- should this be required?  It seems that
   technically it isn't, but it makes for an unusable default.  At the
   least, the php-mysql package should be noted in the README.Fedora
   file.  The package changelog indicates that the dependency was
   removed a long time ago (version 0.19.2-1) because the package can
   be used with PostgreSQL as well.

2) Apache rules use "Allow from localhost", but seem to fail with the
   default hosts file that specifies localhost.localdomain as the
   canonical hostname.  Using allow from 127.0.0.1 worked out better
   for me, and seems to be what the other web app packages I have
   installed use.

3) mantis 1.0.8 has a bug that keeps the initial db creation from
   working.  See http://www.mantisbt.org/bugs/view.php?id=8256 for a
   report and patch.  This should get added to the Fedora package
   until a 1.0.9 release is made upstream.

4) SELinux generated an error when trying to send a password reminder:

    type=AVC msg=audit(1188186921.311:669): avc:  denied  { read } for  pid=3974 comm="sh" name="sendmail.postfix" dev=sda2 ino=216037 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file

   I disabled SELinux before using the package much further, so I
   don't know if there are other SELinux issues lurking.  It may only
   occur with Postfix, I don't know.

Aside from that, I had a seemingly usable[1] mantis install in a
reasonable amount of time.  With the Apache allow/deny rules setup it
is probably a little more secure than just unpacking the upstream
tarball in /var/www/html.  But that security definitely caused me the
most hassle in working out why I was getting access denied errors.  I
didn't think Apache was that strict with the hostnames used.

I reported these issues at:

    https://bugzilla.redhat.com/show_bug.cgi?id=257561 

Please feel free to add anything that I missed. :)

[1] For some definition of usable (I'm not a mantis lover myself.)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From there to here, from here to there, funny things are everywhere.
    -- Dr. Seuss, One Fish Two Fish, Red Fish Blue Fish

Attachment: pgpe9nJfoI7OS.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]