Planet Bugzilla
Planet Bugzilla
September 05, 2024
Bugzilla Update
Check the Bugzilla website for up-to-date Bugzilla news
A year or so ago we redesigned our main website at
. The new site has a blog with an RSS feed available, so to avoid duplication of effort, news posts will be getting put there from now on.
So go check out the news page at
Hint: We just released new versions of Bugzilla, and you can read about it there!
September 05, 2024 04:50 AM
August 26, 2023
Bugzilla Update
Bugzilla Celebrates 25 Years With Special Announcements
Happy 25th Birthday to Bugzilla!
Today, August 26, marks the 25th anniversary of Bugzilla!
The first two paragraphs lifted from our
Bugzilla history
When mozilla.org first came online in 1998, one of the first products that was released was Bugzilla, a bug system implemented using freely available open source tools. Bugzilla was originally written in
TCL
by Terry Weissman for use at mozilla.org to replace the in-house system then in use at Netscape. The initial installation of Bugzilla was deployed to the public on a mozilla.org server on
April 6, 1998
After a few months of testing and fixing on a public deployment, Bugzilla was finally released as open source via anonymous CVS and available for others to use on
August 26, 1998
. At this point. Terry decided to port Bugzilla to
Perl
, with the hopes that more people would be able to contribute to it, since Perl seemed to be a more popular language. The completion of the port to Perl was announced on
September 15, 1998
, and committed to CVS
later that night
25 years is a long time in the software world, and it makes us happy that so many people still use Bugzilla to track bug reports and feature requests for their own products. We hope to continue to breath life into Bugzilla and continue to modernize it over the years to come!
New Legal Entity to Manage the Bugzilla Project
Back in December I made an
enthusiastic post
about getting Bugzilla back in motion after it kind of stalled for a while. And then after a month I kind of stopped posting about it. So what happened?
Well, response to that post was actually pretty enthusiastic in itself. I heard from several people who wanted to donate money to the project to get it going again. Which then led to a new problem: we didn’t actually have a legal way to accept donations at the time. So after asking around a bit, and a few conference calls between myself, my own company’s lawyer, and a couple of Mozilla’s lawyers, it was decided that Bugzilla needed a legal entity to manage it, similar to how Thunderbird has been operating recently. And, that’s where the little bit of time that I’ve had to spend on Bugzilla has gone the last 6 months. And as you can understand, with the legal work going on in the background, there wasn’t much I could actually talk about until all of the pieces were actually in place.
Which now brings us to today, when I’m happy to announce the formation of Zarro Boogs Corporation, which will now be overseeing the Bugzilla Project. This is a taxable non-profit non-charitable corporation – we have filed with the IRS our intent to operate under US Tax Code §501(c)(4) (still pending approval from the IRS) meaning the IRS would require us to spend money raised on project expenses and not make a profit, but money donated to us will not earn you a tax deduction because we aren’t a charity (software development is not considered a charitable cause in the US). Unlike Thunderbird, which is a subsidiary of the Mozilla Foundation, we are an independent entity not owned by or associated with the Mozilla Foundation, although they have licensed the use of the Bugzilla trademark to us.
The name Zarro Boogs Corporation is a shout-out to the phrase returned by Bugzilla when you run a search which returns no results, “Zarro Boogs found.” The buggy spelling of “Zero Bugs” being intentional because it’s generally believed that there’s no such thing as a project with zero bugs in it, only bugs that haven’t yet been reported, thus, saying “Zero Bugs” is, in itself, buggy. There’s a nice write-up of this on
Wikipedia
If you would like to contribute to the project, we have a donation page set up on
GitHub Sponsors
. We hope to have additional ways to donate that don’t require a GitHub account in the future.
Upcoming Releases
Those releases I talked about back in December are finally happening! Look for these (except for 5.9.1) this coming week! Right now we’re aiming for Wednesday, August 30th. We are aiming for September 15 for 5.9.1 (because it’s the 25th anniversary of the port from Tcl to Perl).
4.4.14
– The 4.4 branch has been on life support for a
LONG
time (it was initially released in
2013!!!
). It supports outdated OSes that are hard to find or install, let alone test for these days, and we’ve been itching to drop it for a long time. But our support policy says that we have to support it for 4 months after the following two major releases. The next major release after 4.4 was 5.0, and there have been no major releases after that, which means that 4 month countdown hasn’t even started yet. I am intending this to be the final release of the 4.4 branch (barring any additional security issues being found in the next 4 months) as the 5.2 release below will start that 4 month countdown to End-of-Life this branch.
5.0.4.1
– Why 5.0.4.1 when there’s a 5.0.6 release? Well, if you paid attention to the change logs, 5.0.5 and 5.0.6 contained a massive schema change, as well as reformatting almost all of the Perl code in the source, both of which are a violation of our support policy for a stable branch (a new-to-the-process release manager pushed the release out not realizing that, and by the time we caught it, it was too late). A lot of people noticed this and never upgraded to 5.0.5 or 5.0.6, since they didn’t contain any security fixes. 5.0.4.1 will give those people additional fixes for 5.0.4 without forcing them to pick up those schema and code reformatting changes. Additional updates to the 5.0 branch from now on will continue from 5.0.4.2 and onward.
5.2
– This will be the next major release, and will start the 4 month countdown for discontinuing the 4.4 branch. 5.2 is forked from the 5.0 branch after 5.0.6, and will contain those schema and code formatting changes from 5.0.5 and 5.0.6 in it. So if you
did
upgrade to 5.0.6, 5.2 will be equivalent to a point upgrade for you. Those schema changes should have caused a major release to happen anyway, so this is just fixing the numbering problem with that release (i.e. 5.0.5 should have been called 5.2 to begin with). Note that
if you are using the 5.1.x development releases, those did NOT feed into this
, and 5.2 would actually be a downgrade for you.
5.1.3
– The 5.1 branch is basically dead, as we’ve put all of our resources into finishing off the Harmony release (see 5.9.1 below). We’re going to encourage people on 5.1.x to move to Harmony, but you’ll want to be mindful of the release blockers first before you make the jump. There are some features in 5.1.x that were implemented differently in Harmony, and the code to migrate the related data may or may not work yet (if the feature in question is listed on the release blockers and you use it, you’ll want to wait for now). Even though this branch is dead, we’re going to put out a release with the current batch of security fixes so you aren’t left high and dry before Harmony is ready for you.
5.9.1
– Coming September 15! This will be the first official release off the Harmony branch, and will be classified as a
developer preview release
, not for production use. This is what will eventually be Bugzilla 6. The code is mostly good enough to use right now, but there are still showstoppers to be able to fully release it as a production release. There are also a few gotchas when upgrading from older versions of Bugzilla. If you’re interested in helping make Bugzilla 6 happen, that list of showstoppers is
here
. We are hoping to have Bugzilla 6 in release candidate stage (or at least in beta) by the end of November. The security content for this branch that goes with the other branch releases will be committed to git at the same time the other releases get them, since anyone who has this already will only have it via git pull.
Immediate
Help Wanted
Documentation
. Harmony (5.9.1) in particular needs a LOT of documentation help, as what’s there now is pretty specific to trying to produce a testing environment for bugzilla.mozilla.org, rather than a standalone Bugzilla.
Section 508 Compliance Audit
. There are a number of US government agencies who use Bugzilla internally (NASA is a publicly visible example). New US government projects have to comply with the new accessibility guidelines in Section 508 of the Communications Act, so if we want them to be able to upgrade we need to comply (at least in our newer versions). See
. There is a template for a compliance statement at
. I would love to get a volunteer (or a company who can sponsor someone?) who could audit the 5.2 and harmony branches for compliance, file bugs for things that are violations, and figure out how much of the VPAT we can actually provide at this point. Even if we’re not compliant yet (I suspect we aren’t) I would love to be able to provide a statement with the 5.2 release saying how compliant we are, and listing what’s left to be fixed to make us compliant. See also
Bug 1785941
. Some work has been done on this (as you can see in the dependent bugs to that one) but it still needs help.
Ongoing Help Wanted
You can always find a list of ways to contribute to Bugzilla on our
Contributing page
. A few highlights with additional details:
Donate Money
. Now that we have a legal entity capable of paying developers, we need money to pay them with (and also cover our server hosting expenses). You can donate via our
GitHub Sponsors
page. If you don’t have and can’t create a GitHub account, we hope to have other ways to donate in the future.
Bug Triage!
As you probably noticed from the lack of updates around here in a while, the bug list hasn’t been getting paid much attention to, either. Part of getting this project moving again means re-triaging the existing bug reports. Some of them are really ancient and may not even apply to the current code-base anymore. I’m going to have another blog post coming in the next day or two (for real this time) with information on this topic (specifics for how to help with it), so keep an eye out for that post!
Code!
Once we get the above triage moving, there will be bugs to fix! Bugzilla is an Open Source project, and anyone can contribute! We also have a relatively small user base compared to some of the big projects out there, so the amount of development we’ll be able to fund internally from our donations will still be limited. It will probably make better sense for us to use our internal developers (once we have money to pay some) to review patches and coach external contributors, instead of having them directly producing code.
Paid Developer Time
. If you are a business that makes use of Bugzilla, and has a staff person responsible for maintaining your Bugzilla installation, and that person is willing, please consider officially sponsoring that person to help with upstream Bugzilla development for at least a few hours per week. Most of our lack of development lately has happened because the last few companies that used to do that stopped providing developer time during the economic downturn a few years back (either laid off said person or pulled them away to work on other things), and they haven’t returned. The developers we have currently (until we get money donated as listed above) are all volunteer, and most of them are struggling to find time to work on it.
In Conclusion
We have a lot of excitement ahead of us with the first developer preview of Bugzilla 6 coming later this week (I was hoping to have that for you all today as well, but we didn’t quite make it), and the new opportunities in store for us with a real business entity to support the project now. Come find us in any of our chat rooms (links are in the footer of
our website
alongside the social media links) or drop in on our
developers mailing list
if you’d like to help.
August 26, 2023 11:53 PM
January 21, 2023
Bugzilla Update
Bugzilla Newsletter – Dec 2022 Review
I’m going to try to keep a monthly newsletter like this going so people can keep up to date on what’s going on with the Bugzilla project. Hopefully in the future I’ll get it out a little closer to the beginning of the month. With that said, here’s a review of what happened in December 2022:
Dylan continued to work on simplifying the docker config in Harmony to be usable out of the box without depending on Mozilla’s infrastructure and private docker repos. (still in progress)
Justdave wrote a
blog post
detailing the current project status.
Justdave communicated with multiple organizations who made inquiries about donating funds.
Justdave wrote up a funding proposal at the request of an organization who might be interested in funding some of our work in a more substantial way.
Justdave engaged in conversations with the Mozilla Foundation about how to handle the legal/financial side of the Bugzilla project going forward, since they technically own it, even though it’s treated as a community project. (still in progress – this needs to be resolved before we can accept the above-mentioned donations, though directly funding individual developers can still happen without that)
Justdave spent time experimenting with intercepting and modifying GitHub webhooks in pursuit of
Bug 1802737
, a prerequisite to committing security bugs prior to the upcoming releases. (still in progress)
We’re making slow and steady progress. I’m starting to think we won’t get the big releases that I mentioned in the blog post last month out as soon as hoped, but we’re definitely getting closer.
Most of the fixed bugs in December had to do with cleaning up the website (fixes for things broken by the site redesign).
Upcoming plans for January (and perhaps February) :
Finish off Docker support for both 5.2 and harmony (5.9).
Finish the infrastructure fixes (mostly GitHub and Bugzilla integration with the chat bots) needed to commit the security fixes.
Continue the discussions with Mozilla Foundation in hopes of being able to accept donations soon.
Set up a triage party to work on winnowing down the older bug reports.
Get the releases out the door.
The rest of this post is a bunch of statistics, so if you’re not into that stuff you can stop reading now.
There were
11 new bugs filed
in December, of which one of them is classified as a low-severity security bug. 2 of the bugs were for the website, and 1 for the IRC bot, the remainder for Bugzilla itself.
Overall there were
17 bugs touched
during December, including the above 11.
7 bugs were resolved
. 3 INVALID, 1 WORKSFORME, 1 DUPLICATE, and 2 FIXED.
0 pull requests
were created in the bugzilla repo.
0 pull requests
were touched in the bugzilla repo.
0 pull requests
were closed in the bugzilla repo.
1 pull request
was created in the harmony repo.
2 pull requests
were touched in the harmony repo.
1 pull request
was closed in the harmony repo
There were
22 total commits
to GitHub across all of Bugzilla’s repositories.
18 to the website source (
bugzilla.github.io
jekyll-theme
vendordb
4 to the harmony branch (
harmony
The meaningful commits to harmony did the following:
Set the version number to 5.9+ (justdave)
Fixed a crash during installation/testing when the code tried to access the database when it hadn’t been created yet. (dylan)
And that’s it for December!
January 21, 2023 03:31 AM
December 13, 2022
Bugzilla Update
Upcoming releases and more fun stuff
posted by
Dave Miller
– Bugzilla Project Lead
Surprise! Bugzilla’s not dead yet.
So I posted a bunch of this a few months ago on the developers mailing list but it’s time to get it in front of a bigger audience.
I am trying to kick-start getting stuff moving again with Bugzilla since most of the core Bugzilla volunteers have had job changes over the last few years that have left them with less time to spend on the project, so things have been very slow going for a while. For those that don’t know, I’ve been more or less of a figurehead of a project leader for a number of years now, not having much time to spend on Bugzilla, but not having anyone in a position to be able to step in to replace me, and only stepping in myself to make decision calls when the other developers were at an impasse. I’ve attempted to hand off control of the project to someone else twice in the last 10 years or so, and both times, the person I was about to hand off to got a new job and didn’t have time for it anymore just before we were about to do the hand-off (on the plus side, that happened before they took over and not after). It takes a while for someone to build the trust needed to know I’m leaving it in good hands, so without a lot of active developers it’s hard to get someone in place to do that. But I’ve had some life changes of my own now, which actually give me
more
time to spend on Bugzilla finally, so I’m getting back in the saddle and taking direct control again. I’ve probably poked at it more in the last 5 or 6 months than I have in the last 5 or 6 years combined.
I have started a new consulting business, and I’ve been trying to structure it in a way that allows me to spend time on Bugzilla again. (If you want to hire me to help with your Bugzilla, or help funding work on upstream Bugzilla, feel free to contact me, even if I’m not publicly advertising yet)
Now back to the nitty gritty and my plans for this project.
There is a call for help in this post below the release information.
If you can give us a hand it would be greatly appreciated. Not all of it is code-related, so there might be something you can do even if you’re not a coder!
Infrastructure Updates
Prior to a few weeks ago, our
main website
hadn’t been updated beyond quick bugfixes to content in a long time.
LCP
recently did a full overhaul of the website to modernize it and make information easier to find. We deployed this a few weeks ago, so go have a look! It looks awesome! Also, the new website has RSS feeds!
Also over the last couple months, I’ve been working on getting some of the project infrastructure back in place to help support active development. Among the list of things that have gotten done are:
getting our testing suite moved into GitHub Actions so that it runs automatically on every commit
updating our IRC bot, both to get it to talk to the IRC server again (which it stopped doing recently due to outdated SSL versions), and to update the mail parsing code in it to handle newer versions of Bugzilla (most importantly bugzilla.mozilla.org, where our own notification emails would be coming from).
Setting up a private Git repository for security commits so that we can stage and test them prior to release without exposing them to the public prior to disclosures.
The Release Plans
I would like to put out a new multi-branch release of Bugzilla as soon as we can get all the pieces in place to do so. I was hoping to do this within a few weeks of the original post to the developers list, but that was back in August and it hasn’t happened yet. At this point I think we’ll be really lucky if it happens before the end of December; though mid-January is definitely a possibility. As a forewarning to everyone, there will be security content in it, and that’s part of the holdup. For obvious reasons I can’t ask for help with the security bugs outside of the existing core developer team, as that risks exposure to hackers that might take advantage of it before users have a chance to update. So we ask for your patience while we work through these issues and get them ready to land.
The 4.4 branch has been on life support for a
LONG
time (it was initially released in
2013!!!
), supports outdated OSes that are hard to find or install, let alone test for these days, and we’ve been itching to drop it for a long time. But our support policy says that we have to support it for 4 months after the following two major releases. The next major release after 4.4 was 5.0, and there have been no major releases after that, which means that 4 month countdown hasn’t even started yet.
4.4.14
– I am intending this to be the final release of the 4.4 branch (barring any additional security issues being found in the next 4 months) as the 5.2 release below will start that 4 month countdown to End-of-Life this branch.
5.0.4.1
– Why 5.0.4.1 when there’s a 5.0.6 release? Well, if you paid attention to the change logs, 5.0.5 and 5.0.6 contained a massive schema change, as well as reformatting almost all of the Perl code in the source, both of which are a violation of our support policy for a stable branch (a new-to-the-process release manager pushed the release out not realizing that, and by the time we caught it, it was too late). A lot of people noticed this and never upgraded to 5.0.5 or 5.0.6, since they didn’t contain any security fixes. 5.0.4.1 will give those people additional fixes for 5.0.4 without forcing them to pick up those schema and code reformatting changes. Additional updates to the 5.0 branch from now on will continue from 5.0.4.2 and onward.
5.2
– This will be the next major release, and will start the 4 month countdown for discontinuing the 4.4 branch. 5.2 is forked from the 5.0 branch after 5.0.6, and will contain those schema and code formatting changes from 5.0.5 and 5.0.6 in it. So if you
did
upgrade to 5.0.6, 5.2 will be equivalent to a point upgrade for you. Those schema changes should have caused a major release to happen anyway, so this is just fixing the numbering problem with that release (i.e. 5.0.5 should have been called 5.2 to begin with). Note that
if you are using the 5.1.x development releases, those did NOT feed into this
, and 5.2 would actually be a downgrade for you.
5.1.3
– The 5.1 branch is basically dead, as we’ve put all of our resources into finishing off the Harmony release (see 5.9.1 below). We’re going to encourage people on 5.1.x to move to Harmony, but you’ll want to be mindful of the release blockers first before you make the jump. There are some features in 5.1.x that were implemented differently in Harmony, and the code to migrate the related data may or may not work yet (if the feature in question is listed on the release blockers and you use it, you’ll want to wait for now). Even though this branch is dead, we’re going to put out a release with the current batch of security fixes so you aren’t left high and dry before Harmony is ready for you.
5.9.1
– This will be the first official release off the Harmony branch, and will be classified as a
developer preview release
, not for production use. This is what will eventually be Bugzilla 6. The code is mostly good enough to use right now, but there are still showstoppers to be able to fully release it as a production release. There are also a few gotchas when upgrading from older versions of Bugzilla. If you’re interested in helping make Bugzilla 6 happen, that list of showstoppers is
here
Immediate Help Wanted
There’s a few things (not all necessarily code related) that I would love to get help with prior to the above releases. This list is not entirely the same as the one that was in the original post to the developers list. Some of the items in that list actually got done! Yay! Thanks to those of you who pitched in!
Documentation
. This is going to be primarily for the newer branches, but the older ones are going to need some help as well. Installation instructions mostly. The examples in the docs use ancient versions of the OSes that are given as sample installs, and no sane person is going to be using an OS that old on a new install. So the installation sections of the docs need to be updated to use modern versions of the OSes in the instructions and examples. See also
Bug 1785943
. This has been done for the 5.0 and 5.2 branches (thanks, LCP!) but still needs to be done for 4.4 and Harmony. In fact, Harmony needs a LOT of documentation help, as what’s there now is pretty specific to trying to produce a testing environment for bugzilla.mozilla.org, rather than a standalone Bugzilla.
Section 508 Compliance Audit
. There are a number of US government agencies who use Bugzilla internally (NASA is a publicly visible example). New US government projects have to comply with the new accessibility guidelines in Section 508 of the Communications Act, so if we want them to be able to upgrade we need to comply (at least in our newer versions). See
. There is a template for a compliance statement at
. I would love to get a volunteer (or a company who can sponsor someone?) who could audit the 5.2 and harmony branches for compliance, file bugs for things that are violations, and figure out how much of the VPAT we can actually provide at this point. Even if we’re not compliant yet (I suspect we aren’t) I would love to be able to provide a statement with the 5.2 release saying how compliant we are, and listing what’s left to be fixed to make us compliant. See also
Bug 1785941
Ongoing Help Wanted
There’s also a few things not specifically related to the above release that we’d love to get help with on an ongoing basis:
Bug Triage!
As you probably noticed from the lack of updates around here in a while, the bug list hasn’t been getting paid much attention to, either. Part of getting this project moving again means re-triaging the existing bug reports. Some of them are really ancient and may not even apply to the current code-base anymore. I’m going to have another blog post coming in the next day or two with information on this topic (specifics for how to help with it), so keep an eye out for that post!
Paid Developer Time
. If you are a business that makes use of Bugzilla, and has a staff person responsible for maintaining your Bugzilla installation, and that person is willing, please consider officially sponsoring that person to help with upstream Bugzilla development for at least a few hours per week. Most of our lack of development lately has happened because the last few companies that used to do that stopped providing developer time during the economic downturn a few years back (either laid off said person or pulled them away to work on other things), and they haven’t returned. The developers we have currently are all volunteer, and most of them are struggling to find time to work on it.
In Conclusion…
If you can help with any of these things, visit us on IRC or Matrix (links to both can be found in the left sidebar on
), join the
developer mailing list
and post there, or add comments to the above-listed bugs.
Dave Miller
Bugzilla Project Lead
December 13, 2022 07:18 AM
April 03, 2019
Bugzilla Update
Demo of new Bugzilla features and UX at April 3 project meeting
Our regular monthly project meeting video conference call for April will be Wednesday, April 3 at 8pm UTC / 4pm EDT / 1pm PDT. We’re getting close (relatively) with Bugzilla 6 – currently estimating end of summer or early fall, and we’ll be having some live demos of some of the recent new features and user experience improvements in Bugzilla at this month’s meeting, so you won’t want to miss it.
Meeting Info and Agenda
Watch live on Air Mozilla
Watch live on YouTube
April 03, 2019 04:29 AM
December 20, 2018
Bugzilla Update
January Bugzilla Meeting will be January 9
Our regular meeting schedule dictates that our meetings are held on the first Wednesday of every month at 21:00 London Time. Since the first Wednesday of January is the 2nd and a lot of people will still be on vacation then (and we’ll have issues getting resources for the meeting) we’ll be holding our January meeting on January 9th instead. You can still find all the details at
The Upcoming events in the sidebar here will update to reflect that whenever WordPress’s cache expires.
December 20, 2018 03:20 AM
December 06, 2018
Bugzilla Update
Lots of Bugzilla 6 info and some questions for YOU!
Yesterday, we had our monthly project meeting, and did it panel-discussion style from the Mozilla AllHands meeting in Orlando, FL. We ended up with quite an interesting discussion with lots of good info about Bugzilla 6, and some questions for users of Bugzilla (feel free to comment here with your answers!). The recorded video is here:
December 06, 2018 04:10 PM
December 05, 2018
Bugzilla Update
Bugzilla Meeting live from Orlando
This month’s Bugzilla Project meeting coincides with the Mozilla Allhands in Orlando, and since most of our usual participants will be here in person we’ll be holding it panel-discussion style from the Europe 2 conference room on the Lobby level of the Dolphin at 4pm Eastern. Anyone who’s at the Allhands is welcome to come see us. Of course, it’ll still be streamed on Air Mozilla at 21:00 UTC as usual, and dial-in will be available for anyone remote who wants to talk or ask questions. All the details (Sched link, Video stream links, dial-in info) is at
December 05, 2018 10:20 AM
August 27, 2018
Bugzilla Update
Happy 20th birthday, Bugzilla!
The open source release of Bugzilla turns 20 years old today!
The first two paragraphs lifted from our
Bugzilla history
When mozilla.org first came online in 1998, one of the first products that was released was Bugzilla, a bug system implemented using freely available open source tools. Bugzilla was originally written in
TCL
by Terry Weissman for use at mozilla.org to replace the in-house system then in use at Netscape. The initial installation of Bugzilla was deployed to the public on a mozilla.org server on
April 6, 1998
After a few months of testing and fixing on a public deployment, Bugzilla was finally released as open source via anonymous CVS and available for others to use on
August 26, 1998
. At this point. Terry decided to port Bugzilla to
Perl
, with the hopes that more people would be able to contribute to it, since Perl seemed to be a more popular language. The completion of the port to Perl was announced on
September 15, 1998
, and committed to CVS
later that night
20 years later, Bugzilla is still alive and kicking, and
about to get a major facelift
that’s about 10 years overdue. I had really hoped to be announcing the release of Bugzilla 6 with this post, but we’re not quite there yet. Dylan has been making great progress with the recent merges from bugzilla.mozilla.org, though, and I’m hopeful that we’ll have something that people can at least try out in the really near future. Realistically we’re a few months away from having a full release though.
Over the last 20 years we’ve had about 300 contributors to the Bugzilla code. Here’s a few words from the very first one:
I am in complete shock and awe that Bugzilla has lasted this long. 20 years? Hardly any software lasts more than 5. I’m so very proud that it’s still going strong after these years.
20 years ago from tomorrow (on August 27th, 1998) I filed several bugs against Bugzilla, known problems that I thought would want to get fixed. I’m delighted to point out that one of these bugs <
> is STILL open. After all, you need long-living bugs if you’re going to have a long-living bug system!
— Terry Weissman
And that bug is finally
about to get fixed
Other exciting developments include running as a standalone daemon with Mojolicious and the multitude of user experience enhancements by
BugzillaUX
in the pipeline make the future look bright!
Here’s to the next 20 years!
August 27, 2018 12:12 AM
June 07, 2018
Bugzilla Update
Watch the June 6 Bugzilla Project Meeting
video of this meeting
Short meeting this week because Dylan is traveling and either in an airport or on a plane right now
Updates from Dave
As noted at previous meetings Mozilla is downsizing and trying to find external hosting for the Bugzilla Project which they’ll still pay for, they just want to get out of the hosting bussiness.
Bugzilla needs to exist as a separate legal entity from the Mozilla Foundation for purposes of contracting with a hosting company, so our current status is waiting on the legal work to get done to create a Bugzilla subsidiary of Mozilla Foundation.
The top condender for hosting right now is Linode. Other possibilities are OSUOSL and Eclipse (Emmanual reminded us of their offer)
has been closed up – static page announcing that it’s closing will be in place until the end of July. Contact Dave if you need something retrieved from it before July.
Development updates:
Dylan has Bugzilla mostly running in Mojolicious.
Next meeting is scheduled for July 4th. Watch for announcements on social media channels closer to that date whether it’ll happen then or not (it’s a US holiday)
June 07, 2018 12:06 AM
June 06, 2018
Bugzilla Update
June 6 Project Meeting – new URL
For those that hadn’t already seen it, Air Mozilla is in the process of switching over to a new platform. They’ve already discontinued posting new content on the old platform, and the new platform doesn’t have anonymous access available yet (but it’s coming at the end of June). This means the old URL for watching our meetings live isn’t going to work this month. Fortunately, public meetings on the new platform are mirrored to Youtube, so you’ll be able to watch it at
Of course, if you want to participate instead of just watch, feel free to join us using one of the methods on
the wiki
Today’s meeting will probably be short – Dylan is traveling and won’t be able to attend. The only thing currently on the agenda is an update on our hosting situation. If you have anything else you’d like to discuss, attend the meeting and ask!
See you there!
June 06, 2018 05:35 PM
May 02, 2018
Bugzilla Update
No Bugzilla Meeting today (May 2)
Dylan is out sick today, and we don’t have any major updates to share at the moment anyway, so we’re cancelling today’s meeting. We’ll see you on June 6th.
May 02, 2018 07:26 PM
April 05, 2018
Bugzilla Update
Watch the April 4 Bugzilla Project Meeting
Below are the minutes from today’s Bugzilla meeting along with a link to the video recording of the meeting.
video of this meeting
Updates from Dylan
CyberShadow is a big help getting Harmony in shape to be run by itself
If you’re making a large change, make lots of small pull requests if possible (they can be on the same bug) as it makes it easier to review. That’s been working very well with CyberShadow’s changes.
Bugzilla (Harmony) now working with Mojolicious which is a big deal (mostly for OAuth2 compatibility)
“Rake me over the coals if there’s no 5.0.{next} release by the next meeting”
Updates from Dave
Still waiting on hosting info for our bots and email from Mozilla, hopefully soon
History section on the website has been moved to the About page. It’s been updated with the help of Asa Dotzler correcting some inaccuracies and expanding it based on old Mozilla press releases and commit records.
Next meeting is on Wednesday, May 2, at 9pm BST (UTC+1), 4pm EDT (UTC-4), 1pm PDT (UTC-7)
April 05, 2018 04:49 AM
March 07, 2018
Bugzilla Update
Watch the March 7 Bugzilla Project Meeting
There was a lot of good information in today’s project meeting. Below are the minutes from the meeting as well as a link to the video recording of the meeting. Be sure to check out and comment on the new project roadmaps!
video recording of this meeting
Appoint note taker and get them editing the Etherpad
justdave
We now have a new set of roadmaps
Dylan gave a walkthrough of the new roadmaps –
watch the meeting video recording for commentary (it’s good stuff!)
Infrastructure updates
was switched over to GitHub Pages finally – this gets it out of Mozilla’s internal hosting infrastructure and into somewhere the Bugzilla project has some amount of control over.
typo fixes and other pull requests welcome at
We have a couple leads on hosting for the remaining Bugzilla project infrastructure – will hopefully have movement on this in the next month or so. (we have until August to get out of Mozilla’s old datacenter)
Any other business
none brought up.
The next meeting will be on Wednesday, April 4, at 20:00 UTC (9pm BST / 4pm EDT / 1pm PDT)
March 07, 2018 10:47 PM
February 16, 2018
Bugzilla Update
Release of Bugzilla 5.1.2, 5.0.4, and 4.4.13
Today we have several new releases.
All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the
Security Advisory
that was published along with these releases.
Bugzilla 5.0.4
is our latest stable release. It contains various useful bug fixes and security improvements:
Download 5.0.4
Release Notes
for 5.0.4
Bugzilla 4.4.13
is a security update for the 4.4 branch:
Download 4.4.13
Release Notes
for 4.4.13
Bugzilla 5.1.2
is an unstable development release. This release has not received QA testing from the Bugzilla Project, and should not be used in production environments. Development releases exist as previews of the features that the next major release of Bugzilla will contain. They also exist for testing purposes, to collect bug reports and feedback, so if you find a bug in this development release (or you don’t like how some feature works) please
tell us
Download 5.1.2
February 16, 2018 08:13 PM
February 07, 2017
Bugzilla Tips
Autolinkification
Bugzilla comments are, by default, plain text – so typing will produce less-than, U, greater-than rather than underlined text. However, Bugzilla will automatically make hyperlinks out of certain sorts of text in comments. For example, the text
http:/
/www.bugzilla.org
will be turned into a link:
. Other strings which get linkified in the obvious manner are:
bug 12345
comment 7
bug 23456, comment 53
attachment 4321
mailto:george@example.com
george@example.com
ftp://ftp.mozilla.org
A corollary here is that if you type one or more bug numbers in a comment, you should put the word “bug” before each of them, so they gets autolinkified for the convenience of others.
But also, if you have some text you want linkified in this way, perhaps for use in a blog post, status report, wiki page or other place, you can use the handy
linkifier
, which will do exactly that for you.
February 07, 2017 11:39 AM
May 19, 2016
Bugzilla Update
Release of Bugzilla 4.4.12, 5.0.3, and 5.1.1
Today we have several new releases for you!
All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the
Security Advisory
that was published along with these releases.
Bugzilla 5.0.3 is our latest stable release. It contains various
useful bug fixes and security improvements:
Download 5.0.3
Release Notes
for 5.0.3
Bugzilla 4.4.12
is a security update for the 4.4 branch:
Download 4.4.12
Release Notes
for 4.4.12
Bugzilla 5.1.1
is an unstable development release.
This release has not received QA testing from the Bugzilla Project, and should not
be used in production environments. Development releases exist as previews of the
features that the next major release of Bugzilla will contain. They also exist for
testing purposes, to collect bug reports and feedback, so if you find a bug in this
development release (or you don’t like how some feature works) please
tell us
Download 5.1.1
Note:
Make sure ImageMagick is up-to-date if the BmpConvert extension is enabled.
If no updated ImageMagick version is available for your OS, we recommend to disable the BmpConvert
extension for now (
bug 1269793
).
May 19, 2016 07:04 PM
December 22, 2015
Bugzilla Update
Release of Bugzilla 5.0.2, 4.4.11, and 4.2.16
Today we have several new releases for you!
All of today’s releases contain two security fixes. We recommend that all Bugzilla administrators read the
Security Advisory
that was published along with these releases.
Bugzilla 5.0.2
is our latest stable release. It contains various useful bug fixes and security improvements:
Download 5.0.2
Release Notes
for 5.0.2
Bugzilla 4.4.11
is a security update for the 4.4 branch:
Download 4.4.11
Release Notes
for 4.4.11
Bugzilla 4.2.16
is a security update for the 4.2 branch:
Download 4.2.16
Release Notes
for 4.2.16
December 22, 2015 10:38 PM
September 10, 2015
Bugzilla Update
Release of Bugzilla 5.0.1, 4.4.10, and 4.2.15
Today we have several new releases for you!
All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the
Security Advisory
that was published along with these releases.
Bugzilla 5.0.1
is our latest stable release. It contains various useful bug fixes and security improvements:
Download 5.0.1
Release Notes
for 5.0.1
Bugzilla 4.4.10
is a security and bug fix update for the 4.4 branch:
Download 4.4.10
Release Notes
for 4.4.10
Bugzilla 4.2.15
is a security and bug fix update for the 4.2 branch:
Download 4.2.15
Release Notes
for 4.2.15
September 10, 2015 08:47 PM
September 08, 2015
Bugzilla Tips
Better Bugzilla Documentation
The recent release of Bugzilla 5.0 was the first release sporting the
new, improved Bugzilla documentation
, which has been moved from DocBook XML to reStructuredText to make it easier to edit and so more likely to be up-to-date :-).
Readers of this blog may be particularly interested in the
User Guide
. Feedback on the new docs is welcome, particularly suggestions for where it is lacking – please use the bug filing link at the bottom of each docs page.
September 08, 2015 12:50 PM
August 07, 2015
Bugzilla Tips
New Modal UI for show_bug on BMO
For the past few months, a new experimental modal bug view has been available on
bugzilla.mozilla.org
. This hides a lot of complexity both through being read-only initially, and also through having expandable and collapsible sections. It is also quicker and less resource-intensive to load. It requires you to click an “Edit” button, which reveals much more UI, when you want to do more than the common operations – add a comment, CC/NI people, or change the Status or Resolution. It is also more dynamic – for example, there are no more interstital pages when moving bugs between Products, because when you change the Product, the new lists of Components, Milestones etc. load into the widgets automatically.
A picture is worth a thousand words. Here’s the initial view:
And here’s the Edit view:
You can enable it in the
Preferences
– change “Use experimental user interface” to “On”.
Thanks to glob for doing the hard work on making this happen. This view has not yet made it upstream to Bugzilla itself.
August 07, 2015 02:35 PM
July 30, 2015
Bugzilla Update
Bugzilla 4.2 will be EOL on 2015/11/30
As discussed on the Bugzilla
developers mailing list/newsgroup
and confirmed by project leads, Bugzilla’s new release policy is to end-of-life the oldest supported major version four months after a new major release. Since this is the first time we’re enacting this policy, we’ve extended the date to be 4 months from today rather than from Bugzilla 5.0’s exact release date (July 7th).
Thus Bugzilla 4.2 will be end-of-lifed on 30 November 2015. This means no fixes of any kind will be issued for Bugzilla 4.2 from that date onwards. As usual, all Bugzilla admins are encouraged to
upgrade
to the latest version of Bugzilla as soon as possible, especially those running 4.2 or earlier.
To expand a bit further on our new EOL process, after a new major release, we will support three major releases (including the new one) for four months. After four months, we will drop support for the oldest one. We will continue to support the remaining two until four months after the next release.
For example, currently we support 4.2, 4.4, and 5.0. In four months’ time we will drop support for 4.2 and support only 4.4 and 5.0. When the next major version comes out, perhaps 5.2
, we will support 4.4, 5.0, and 5.2. Four months later, we will drop support for 4.4 and support only 5.0 and 5.2.
Mark Côté
Assistant Project Lead, Bugzilla
It may be 6.0 if there are major and/or breaking changes.
July 30, 2015 06:13 AM
July 07, 2015
Bugzilla Update
Release of Bugzilla 5.0
Today the Bugzilla Project is extremely proud to announce the release of Bugzilla 5.0!
It has been slightly over two years since we released Bugzilla 4.4 on May 2013. This new major release comes with many new features and improvements to WebServices and performance.
We hope that you enjoy and appreciate the results of the past two years of hard work by our entirely-volunteer
community
Download 5.0
Release Notes
for 5.0
EOL for 4.0.x
Please note that the release of Bugzilla 5.0 also marks End Of Life for the Bugzilla 4.0 series, meaning that there will be no further updates for the 4.0.x series, even if there are serious security
issues found in that series. We recommend that all installations running the 4.0 series upgrade as soon as possible to 5.0.
July 07, 2015 09:20 PM
February 18, 2015
Gervase Markham
R.I.P. api-dev.bugzilla.mozilla.org
Complaining about bugzilla.mozilla.org (BMO) is a Mozilla project activity as old as the hills. Back in 2009, it was realised by the Foundation that to make everyone happy was (and still is) an impossible task, and I was given a mandate to “help people solve their own problems”. So around September 2009, I released the first version of my Bugzilla API proxy software,
BzAPI
. This software presented a clean, well-documented RESTful interface on the front end, and did all sorts of things on the back end (XML, CSV, RPC, HTML scraping) that developers no longer had to worry about. We made a dev server VM for it so people could try it out – api-dev.bugzilla.mozilla.org.
It was popular. Extremely popular. People started building things, and then more things, all of which depended on this server for Bugzilla data. For various reasons, IT never got around to building a production instance, and so over the last five years, I’ve been maintaining this core piece of Mozilla project infrastructure, which was depended on by TBPL and many, many other tools which interfaced with Bugzilla. At its peak, it serviced 400,000 requests per day.
Over the intervening years, BMO itself acquired a REST API which slowly became more capable, and then a BzAPI-compatible API shim was implemented on top of it by the excellent dkl, so people could change their code to access BMO directly just by updating the endpoint URL. After a few false starts, requests to api-dev.bugzilla.mozilla.org are now served directly by BMO, via that shim code. Earlier today, the api-dev VM was
finally powered down
Here’s to you, api-dev. Good job.
February 18, 2015 04:04 PM
Bugzilla Tips
Bugzilla Has New Documentation
The Bugzilla team recently finished a big project to update, rewrite, improve and centralize Bugzilla’s documentation. You can find it at
. In particular, there’s a
User Guide
which will be useful to, er, Bugzilla users.
If you have suggestions for further improvements to the documentation, please
let the team know
February 18, 2015 02:36 PM
December 06, 2014
Bugzilla Tips
Making Bugzilla Searches Faster
People often wonder how to make searches in Bugzilla faster on large installations. Two things will give you the most bang for the buck:
Specify you only want open bugs (if that’s true)
Specify a product (and, if you know it, a component) to search
Do those two things, and your searches will be much faster.
Coincidentally enough, Bugzilla’s “
Simple Search
” (
BMO version
) allows you to specify precisely those two things.
December 06, 2014 10:14 PM
December 01, 2014
Gervase Markham
Search Bugzilla with Yahoo!
The Bugzilla team is aware that there are currently 5 different methods of searching Bugzilla (as explained in
yesterday’s presentation
) – Instant Search, Simple Search, Advanced Search, Google Search and QuickSearch. It has been argued that this is too many, and that we should simplify the options available – perhaps building a search which is all three of Instant, Simple and Quick, instead of just one of them. Some Bugzilla developers have sympathy with that view.
I, however, having caught the mood of the times, feel that Mozilla is all about choice, and there is still not enough choice in Bugzilla search. Therefore, I have decided to add a sixth option for those who want it. As of today, December 1st, by installing this
GreaseMonkey script
, you can now search Bugzilla with Yahoo! Search. (To do this, obviously, you will need a copy of
GreaseMonkey
.) It looks like this:
In the future, I may create a Bugzilla extension which allows users to fill the
fourth tab
on the search page with the search engine of their choice, perhaps leveraging the
OpenSearch
standard. Then, you will be able to search Bugzilla using the search engine which provides the best experience in your locale.
Viva choice!
December 01, 2014 12:01 AM
November 28, 2014
Gervase Markham
Bugzilla for Humans, II
In 2010,
johnath
did a very popular video introducing people to Bugzilla, called “
Bugzilla for Humans
“. While age has been kind to johnath, it has been less kind to his video, which now contains several screenshots and bits of dialogue which are out of date. And, being a video featuring a single presenter, it is somewhat difficult to “patch” it.
Enter Popcorn Maker, the Mozilla Foundation’s multimedia presentation creation tool. I have written a script for a replacement presentation, voiced it up, and used Popcorn Maker to put it together. It’s branded as being in the “Understanding Mozilla” series, as a sequel to “
Understanding Mozilla: Communications
” which I made last year.
So, I present “
Understanding Mozilla: Bugzilla
“, an 8.5 minute introduction to Bugzilla as we use it here in the Mozilla project:
Because it’s a Popcorn presentation, it can be remixed. So if the instructions ever change, or Bugzilla looks different, new screenshots can be patched in or erroneous sections removed. It’s not trivial to seamlessly patch my voiceover unless you get me to do it, but it’s still much more possible than patching a video. (In fact, the current version contains a voice patch.) It can also be localized – the script is
available
, and someone could translate it into another language, voice it up, and then remix the presentation and adjust the transitions accordingly.
Props go to the Popcorn team for making such a great tool, and the Developer Tools team for Responsive Design View and the Screenshot button, which makes it trivial to reel off a series of screenshots of a website in a particular custom size/shape format without any need for editing.
November 28, 2014 11:52 AM
November 25, 2014
Bugzilla Tips
Email Filtering on bugzilla.mozilla.org
Vanilla Bugzilla lets you decide which bugmail you receive based on what changed about a bug. But there are a couple of extensions which give you even more control, and both are installed on
bugzilla.mozilla.org
. So the new email filtering pipeline is as follows:
Firstly,
ComponentWatching
, as the name implies, lets you “watch” particular products or components, so you get put on the list to receive bugmail for all changes to any bugs in those products or components. This is very useful if you have an interest in a particular area of the project. You can also watch particular users – that function is built-in.
Secondly, the
normal email filters
run, which exclude or include you from emails based on the particular fields which have been changed in the bug update.
Lastly, the
BugmailFilter
extension allows you to define “include” or “exclude” rules based on any one of:
the field changed
the current product
the current component
your relationship to the bug
who made the change (useful to exclude changes made by bots).
Using these three capabilities in tandem, it should be possible to carefully control how much bugmail you receive, even if you are using a system like Gmail which does not have good client-side filtering.
November 25, 2014 05:40 PM
November 19, 2014
Gervase Markham
BMO show_bug Load Times 2x Faster Since January
The load time for viewing bugs on bugzilla.mozilla.org has got 2x faster since January. See
this tweet
for graphical evidence.
If you are looking for a direction in which to send your bouquets,
glob
is your man.
November 19, 2014 10:42 AM
October 06, 2014
Gervase Markham
New Class of Vulnerability in Perl Web Applications
We did a Bugzilla security release today, to fix some holes responsibly disclosed to us by
Check Point Vulnerability Research
, to whom we are very grateful. The most serious of them would allow someone to create and control an account for an arbitrary email address they don’t own. If your Bugzilla gives group permissions based on someone’s email domain, as some do, this could be a privilege escalation.
Update 2014-10-07 05:42 BST
: to be clear, this pattern is most commonly used to add “all people in a particular company” to a group, using an email address regexp like
.*@mozilla.com$
. It is used this way on bugzilla.mozilla.org to allow Mozilla Corporation employees access to e.g. Human Resources bugs. Membership of the Mozilla security group, which has access to unfixed vulnerabilities, is done on an individual basis and could not be obtained using this bug. The same is true of BMO admin privileges.)
These bugs are actually quite interesting, because they seem to represent a new Perl-specific security problem. (At least, as far as I’m aware it’s new, but perhaps we are about to find that everyone knows about it but us.
Update 2014-10-08 09:20 BST
everything old is new again
; but the level of response, including changes to CGI.pm, suggest that this had mostly faded from collective memory.) This is how it works. I’m using the
most serious bug
as my example. The somewhat less serious bugs caused by this pattern were XSS holes. (Check Point are going to be presenting on this vulnerability at the
31st Chaos Communications Congress
in December in Hamburg, so check their analysis out too.)
Here’s the vulnerable code:
my $otheruser = Bugzilla::User->create({
login_name => $login_name,
realname => $cgi->param('realname'),
cryptpassword => $password});
This code creates a new Bugzilla user in the database when someone signs up.
$cgi
is an object representing the HTTP request made to the page.
The issue is a combination of two things. Firstly, the
$cgi->param()
call is context-sensitive – it can
return a scalar or an array
depending on the context
in which you call it – i.e. the type of the variable you assign the return value to. The ability for functions to do this is a Perl “do what I mean” feature.
Let’s say you called a page as follows, with 3 instances of the same parameter:
index.cgi?foo=bar&foo=baz&foo=quux
If you call
param()
in an array context (the @ sigil represents a variable which is an array), you get an array of values:
@values = $cgi->param('foo');
-->
['bar', 'baz', 'quux']
If you call it in a scalar context (the $ sigil represents a variable which is a scalar), you get a single value, probably the first one:
$value = $cgi->param('foo');
-->
'bar'
So what context is it being called in, in the code under suspicion? Well, that’s exactly the problem. It turns out that functions called during hash value assignment are evaluated in a list context. However, when the result comes back, that value or those values are assigned to be part of uthe hash as if they were a set of individual, comma-separated scalars. I suspect this behaviour exists because of the close relationship of lists and hashes; it allows you to do stuff like:
my @array = ("foo", 3, "bar", 6);
my %hash = @array;
-->
{ "foo" => 3, "bar" => 6 }
Therefore, when assigning the result of a function call as a hash value, if the return value is a single scalar, all goes as you would expect, but if it’s an array, the second and subsequent values end up being added as key/value pairs in the hash as well. This allows an attacker to override values already in the hash (specified earlier), which may have already been validated, with values controlled by them. In our case,
real_name
can be any string, so doesn’t need validation, but
login_name
most definitely does, and it already has been by the time this code is called.
So, in the case of the problematic code above, something like:
index.cgi?realname=JRandomUser&realname=login_name&realname=admin@mozilla.com
would end up overriding the already-validated
login_name
variable, giving the attacker control of the value used in the call to
Bugzilla::User->create()
. Oops.
We found 15 instances of this pattern in our code, four of which were exploitable to some degree. If you maintain a Perl web application, you may want to audit it for this pattern. Clearly, CGI.pm
param()
calls are the first thing to look for, but it’s possible that this pattern could occur with other modules which use the same context-sensitive return feature. The generic fix is to require the function call to be evaluated in scalar context:
my $otheruser = Bugzilla::User->create({
login_name => $login_name,
realname =>
scalar
$cgi->param('realname'),
cryptpassword => $password});
I’d say it might be wise to not ever allow hash values to be assigned directly from functions without a call to
scalar
October 06, 2014 07:13 PM
May 03, 2014
Gervase Markham
Bugzilla 1,000,000 Bug Sweepstake Results
Milestone bugzilla.mozilla.org bug
1,000,000
was filed on 2014-04-23 at 01:10 ZST by Archaeopteryx (although rumour has it he used a script, as he also filed the 12 previous bugs in quick succession). The title of the bug was initially “Long word suggestions can move/shift keyboard partially off screen so it overflows” (a Firefox OS Gaia::Keyboard bug, now
bug 1000025
), but has since been changed to “Celebrate 1000000 bugs, bring your own drinks.”
The winner of the
sweepstake
to guess the date and time is
Gijs Kruitbosch
, who guessed 2014-04-25 05:43:21 – which is 2 days, 4 hours, 33 minutes and 5 seconds out. This is a rather wider error, measured in seconds, than the previous sweepstake, but this one had a much longer time horizon – it was instituted
9 months ago
. So that’s an error of about 0.95%. The 800,000 bug winner had an error of about 1.55% using the same calculation, so in those terms Gijs’ effort is actually better.
Gijs writes:
I’m Dutch, recently moved to Britain, and I’ll be celebrating my 10th “mozversary” sometime later this year (for those who are counting, bugs had 6 digits and started with “2” when I got going). Back in 2004, I got started by working on ChatZilla, later the Venkman JS debugger and a bit of Firefox, and last year I started working on Firefox as my day job. Outside of Mozilla, I play the piano every now and then, and try to adjust to living in a nation that
puts phone booths in its cycle paths
The two runners-up are
Håvard Mork
(2d 14h 50m 52s out) and
Mark Banner
(8d 8h 24m 36s out). Håvard writes:
My name is Håvard Mork. I’m a Java software developer, working with Firefox and web localization to Norwegian. I’ve been involved with localization since 2003. I think localization is rewarding, because it is a process of understanding the mindset of the users, and their perception of IT.
I’m surprised that my estimate came that close. I spent almost an hour trying to figure out how much bug numbers grow, and estimate the exponential components. Unfortunately I lost the equation, so need to start over for the 2,000,000 sweepstakes…
Mark writes:
I’m Mark Banner, also known as Standard8 on irc, I work from home in the UK. I came to Mozilla through volunteering on Thunderbird, and then working at Mozilla Messaging. I still manage Thunderbird releases. Alongside those, I am working on the Loop project (formally Talkilla), which is aiming to provide a real time communications service for Mozilla products, built on top of WebRTC.
Gijs will get a Most Splendid Package, and also a
knitted thing from Sheeri
as a special bonus prize! The other winners will receive something a little less splendid, but I’m sure it’ll be worth having nevertheless.
May 03, 2014 07:57 PM
April 28, 2014
Gervase Markham
bugzilla.mozilla.org Stats At 1,000,000
Thanks to glob, we’ve got some interesting stats from
BMO
as it crosses the 1M bug mark.
Statuses
UNCONFIRMED 23745
NEW 103655
ASSIGNED 8826
REOPENED 3598
RESOLVED 640326
VERIFIED 220235
CLOSED 1628
Resolutions
RESOLVED
DUPLICATE 119242
EXPIRED 10677
FIXED 303099
INCOMPLETE 30569
INVALID 58096
MOVED 27
WONTFIX 36179
WORKSFORME 82437
VERIFIED
DUPLICATE 64702
EXPIRED 27
FIXED 108935
INCOMPLETE 1746
INVALID 17099
MOVED 150
WONTFIX 6105
WORKSFORME 21471
Total bugs fixed (RESOLVED/FIXED + VERFIED/FIXED): 412034
Total duplicates: 183944
Bugs Filed Per Day (April)
2014-04-01 519
2014-04-02 531
2014-04-03 620
2014-04-04 373
2014-04-05 133
2014-04-06 132
2014-04-07 544
2014-04-08 622
2014-04-09 597
2014-04-10 571
2014-04-11 467
2014-04-12 156
2014-04-13 170
2014-04-14 573
2014-04-15 580
2014-04-16 574
2014-04-17 619
2014-04-18 356
2014-04-19 168
2014-04-20 118
2014-04-21 445
2014-04-22 635
2014-04-23 787
2014-04-24 562
2014-04-25 498
2014-04-26 173
Busiest Days Ever
2013-12-30 1360 (bulk import from another tracker)
2013-12-29 1081 (bulk import from another tracker)
2008-07-22 1037 (automated security scanner filing bugs)
2012-10-01 1013 (Gaia bugs import)
2014-02-11 805
2014-04-23 787
2014-02-04 678
2013-01-09 675
2013-11-19 647
2014-04-22 635
User Activity
We think the earliest bug filed by someone who is still involved with Mozilla is
bug 283
, which was filed by Wan-Teh Chang on 1998-04-29.
2263 people who logged into Bugzilla at some point in April (i.e. are active users) have filed more than 10 bugs.
The most active user by far is
bz
Bugs filed 4351
Comments made 148493
Assigned to 4029
Commented on 56138
QA-Contact 8
Patches submitted 8080
Patches reviewed 14872
Bugs poked 66215
(You can find these stats about yourself by going to
your own user profile
. If you are logged in, you can search for other users and see their stats.)
Top 10: Assignees
nobody@mozilla.org 349671
mscott@mozilla.org 16385
bugzilla@blakeross.com 15056
asa@mozilla.org 13350
sspitzer@mozilla.org 11974
bugs@bengoodger.com 10995
justdave@mozilla.com 4768
sean@mozilla.com 4697
oremj@mozilla.com 4672
mozilla@davidbienvenu.org 4273
Top 10: Reporters
jruderman@gmail.com 8037
timeless@bemail.org 6129
krupa.mozbugs@gmail.com 5032
pascalc@gmail.com 4789
bzbarsky@mit.edu 4351
philringnalda@gmail.com 4348
stephen.donner@gmail.com 4038
dbaron@dbaron.org 3680
cbook@mozilla.com 3651
bhearsum@mozilla.com 3528
Top 10: Commenters
tbplbot@gmail.com 347695
bzbarsky@mit.edu 148481
philringnalda@gmail.com 65552
dbaron@dbaron.org 58588
ryanvm@gmail.com 50560
bugzilla@mversen.de 48840
gerv@mozilla.org 48704
roc@ocallahan.org 47453
hskupin@gmail.com 43596
timeless@bemail.org 42885
Top 11: Patches Attached
bzbarsky@mit.edu 8080
dbaron@dbaron.org 4879
ehsan@mozilla.com 4502
roc@ocallahan.org 4397
masayuki@d-toybox.com 4079
neil@httl.net 3930
mozilla@davidbienvenu.org 3890
timeless@bemail.org 3739
brendan@mozilla.org 3659
bugs@pettay.fi 3530
wtc@google.com 3411
Top 11: Reviews
roc@ocallahan.org 15581
bzbarsky@mit.edu 14869
neil@httl.net 9424
jst@mozilla.org 8352
dbaron@dbaron.org 8103
benjamin@smedbergs.us 7272
mozilla@davidbienvenu.org 6198
dveditz@mozilla.com 5983
asa@mozilla.org 5499
mark.finkle@gmail.com 5346
gavin.sharp@gmail.com 5126
April 28, 2014 12:38 PM
January 22, 2014
Gervase Markham
BzAPI App Author?
Have you written an app or system of some sort which uses the
Bugzilla REST API
(BzAPI)? If so, please do as the docs have long recommended and make sure you are a member of the
mozilla.tools
discussion forum. There are several upcoming announcements in the next few weeks and months which you will need to be aware of, and that is where they are going to be posted.
January 22, 2014 02:24 PM
August 01, 2013
Gervase Markham
Bugzilla 1,000,000 Bug Sweepstake
Note
: The closing date for entries was midday ZST on Thursday 5th September 2013, i.e. a long time ago :-).]
Some of you may have noticed that, after a
long history
of contests, there was no competition to predict the time of arrival of the 900,000th bug on
bugzilla.mozilla.org
. This was because we were preparing for the big 1M.
Now we are
over 9000,00
(can that really be right?), I can reveal that the prize for the Millionth Bug Sweepstake will be the top-of-the-range Most Splendid Package from the Mozilla Gear Store, which includes a black hoodie, a drawstring tote bag, a Moleskine notebook, and a Rickshaw laptop bag, all Firefox or Mozilla-branded.
The aim of the contest is simple – you need your guess to be the closest to the actual filing date of the one millionth bug in our Bugzilla installation.
To enter, email me a plain text email at gerv@mozilla.org,
ideally using this link
, filling in the date and time you think the one millionth bug will be filed, along with your Bugzilla ID or email address. As the link suggests, your entry should be on the first line of your email, and formatted as follows:
2010-09-08 06:54:32 bugzilla-id@example.com
All times are in ZST (‘Zilla Standard Time, a.k.a. Pacific Time, as displayed in Bugzilla timestamps unless you’ve changed a pref). If you prefer to be contacted on a different address, add that as well, in brackets on the end of the same line. We have ample
graphs
and
charts
(requires
editbugs
) to help you with your assessment. But if you can’t be bothered to do any research and analysis, just guess optimistically and hope!
This is a Mozilla community event. To keep it that way, entrants must have
either
a Bugzilla account on
bugzilla.mozilla.org
created before the end of July 2013, and which has done something useful in the past six months,
or
a Mozillians account vouched for before the same date. Anyone who meets those criteria can (and is encouraged to) enter, including Mozilla employees. Once the bug is filed, I’ll check those entries who are closest, and keep discarding them until I find one which meets these criteria. Therefore, there’s no point posting this to Slashdot or any other non-Mozilla-focussed news source. But please do post it in Mozilla news sources!
Badly-formatted entries may be discarded. The judge’s decision is final, and any funny business regarding the filing of bugs on or around the one million mark will be frowned upon. The closing date for entries is midday ZST on Thursday 5th September 2013.
August 01, 2013 11:26 AM
March 08, 2013
Gervase Markham
Bugzilla API 1.3 Released
I am proud to announce the release of version 1.3 of the
Bugzilla REST API
. This maintenance release has a bug fix or two, and fully supports the version of Bugzilla 4.2 which has just been deployed on bugzilla.mozilla.org. For smooth interaction with BMO, you should be using this version.
The installation of BzAPI
1.1
on api-dev.bugzilla.mozilla.org
will go away in 4 weeks, on 4th April
. There is a limit to the number of old versions we can support on the server, particularly as the older ones can put a larger load on Bugzilla and may not work correctly. Please use either the /1.3 or the /latest endpoints. Now that BzAPI has been stable for some time, tools which earlier rejected using the /latest endpoint may want to reconsider.
File bugs
Feedback and discussion
March 08, 2013 11:47 AM
January 23, 2013
Gervase Markham
Persona Login Now Fully Enabled On bugzilla.mozilla.org
[Update 2013-01-23 18:35 GMT – turns out there are a couple of Persona features we still need to be absolutely certain that this is a good thing. The change has been reverted until we’ve got those. Sorry for any confusion.]
In April last year, we
enabled Persona logins on bugzilla.mozilla.org
using a Bugzilla extension I wrote. However, we restricted this login method to low-privilege accounts only while Persona and the extension both matured.
I’m pleased to say that, as of now, unless you are a member of the administrative Bugzilla groups “admin”, “editusers” or “editgroups”, or the “legal” group, then you can now use Persona to log in to bugzilla.mozilla.org :-) In particular, this means all Mozilla employees and security group members can now log in this way.
Make sure you use the correct email address; if you pick a different one to your usual one, Bugzilla will auto-create a Bugzilla account for it.
If for some reason you want b.m.o. not to accept Persona logins for your account, you can do so;
file a bug
to have your account manually added back to the “no-browser-id” group.
January 23, 2013 04:24 PM
January 18, 2013
Gervase Markham
Support for bugzilla.mozilla.org Users
BMO
is a core tool in the Mozilla project. There is now a shared, curated space for people’s tips, ideas, best practices, FAQs and so on relating specifically to BMO:
This includes
Things Every BMO User Really Should Do
, and a
BMO FAQ
(currently in its infancy).
Suggestions for additional content would be very welcome.
January 18, 2013 01:27 PM
December 21, 2012
Bugzilla Tips
Quicksearch Reference
“Quicksearch” is a way of searching Bugzilla using simple yet powerful syntax. The search box at the top of every page supports it.
Jesse Ruderman has written a wonderful
Quicksearch Reference
– a must-read if you search Bugzilla a lot.
December 21, 2012 11:25 AM
December 07, 2012
Bugzilla Tips
Even Faster Quicksearches
To speed up quicksearches, limit the search by product or component. Add “comp:
By analogy with the use of “:”, there are
abbreviations for some other common fields
as well.
(Thanks to Ben Hearsum and Ed Morley)
December 07, 2012 06:20 PM
December 01, 2012
Bugzilla Tips
Faster Quicksearches
Another guest post from Stefan Arentz:
“If you do a lot of quick searches to find bugs by summary and you don’t care about also looking into the comments of those bugs, flip the “Include comments when performing quick searches (slower)” to NO in your preferences.
A search for ‘radio antenna’ just went down from 30+ seconds to just a few seconds.”
December 01, 2012 02:12 PM
November 29, 2012
Bugzilla Tips
HTML Email
Guest tip from Stefan Arentz:
“Bugzilla actually does have HTML emails!
[As of version 4.2, but it’s been backported to bugzilla.mozilla.org’s 4.0 installation – Ed.]
I always though that it did not because I did not look further than the “Email Preferences” tab. But there actually is a “Preferred email format” under the “General Preferences” tab.
This makes Bugzilla emails 100x easier to read on a phone.”
November 29, 2012 02:08 PM
November 21, 2012
Gervase Markham
Bugzilla API 1.2 Released
I am proud to announce the release of version 1.2 of the
Bugzilla REST API
. This maintenance release has a bug fix or two, and some features useful to the admins of Bugzillas which BzAPI is pointed at.
The installation of BzAPI
1.0
on api-dev.bugzilla.mozilla.org
will go away in 4 weeks, on 19th December
. There is a limit to the number of old versions we can support on the server, particularly as the older ones can put a larger load on Bugzilla. Please use either the /1.2 or the /latest endpoints. Now that BzAPI has been stable for some time, tools which earlier rejected using the /latest endpoint may want to reconsider.
File bugs
Feedback and discussion
November 21, 2012 04:16 PM
April 05, 2012
Gervase Markham
bugzilla.mozilla.org Now Supports BrowserID
You can now log in to
bugzilla.mozilla.org
using
BrowserID
, courtesy of a
Bugzilla extension I wrote
. Log out and then click the “Login” link in the header and then the orange “Sign in” button to try it.
You can do this – unless, that is, you are a member of certain particularly sensitive groups. While Mozilla has great confidence in the BrowserID technology, it does not have perfect confidence in my coding ;-) Therefore, we are restricting who can log in until we get a little more experience with my extension. Eventually, it’s possible that we might go the other way and
require
BrowserID for certain sensitive groups, once BrowserID primaries appear with 2-factor authentication. But that’s a little way off yet.
If you visit your
permissions page
, you can see if you should be able to log in using BrowserID. If you are listed as a member of the “no-browser-id” group, you shouldn’t. Otherwise, you should. The no-browser-id group is currently made up of members of the following groups: admin, bz_sudoers, autoland, generic-assignees, hr, infrasec, legal, and anything with “security” in its name.
April 05, 2012 10:31 AM
Maintaining Multiple Versions of Documentation in a Wiki
Dear Lazyweb,
I know of some software, and it has documentation. I want to be able to maintain this documentation, for the general good of its userbase. At the moment, its documentation is XML files in a VCS, with their own special build procedure with prerequisites. That makes them hard to modify, and as a consequence they are often out of date and certainly not as good as they could be.
Requirement A): I’d like the documentation to be web-editable, because that makes it really easy for anyone to edit quickly, which makes it much more likely the documentation will actually be up-to-date. I want the URL for the “latest version” to always be the same URL.
Requirement B): My software has multiple versions. Once I release a version, I’d like to keep a copy of the documentation in the state that it applies to that version. It may not change much again, but needs to be able to accept bug fixes. However, trunk documentation development must continue. In other words, I need to be able to branch the documentation, check in independently to each branch, and give people URLs to either a branch or the trunk. Each version should have a URL containing the software version number.
Is there any software out there, ideally already in use by the Mozilla project, which can meet both A) and B)? A) is met by all wiki software. B) is met by all version control software. But I haven’t found wiki software with the concept of branches, and I haven’t found a VCS which can display documents prettily and has a web-based interface for editing.
These requirements don’t seem uncommon.
Proprietary software solves them
. Is there anything open source?
April 05, 2012 10:15 AM
May 04, 2011
David Miller
The hardware behind bugzilla.mozilla.org
I recently did up a diagram of how our Bugzilla site was set up, mostly for the benefit of other sysadmins trying to find the various pieces of it. Several folks expressed interest in sharing it with the community just to show an example of how we were set up. So I cleaned it up …
Continue reading
"The hardware behind bugzilla.mozilla.org"
May 04, 2011 06:40 PM
November 11, 2009
David Miller
Upgrading bugzilla.mozilla.org to version 3.4.3
We’re finally at the point where I can say we’re ready to upgrade Bugzilla @ Mozilla this weekend. We’re aiming for Sunday evening (probably 6pm PST). I’ll post again when I know how long it’ll be down for (and that’ll be included in the eventual downtime notice on the IT blog as well). There’s a …
Continue reading
"Upgrading bugzilla.mozilla.org to version 3.4.3"
November 11, 2009 08:41 PM
December 07, 2008
David Miller
Bugzilla news feed now available
So, thanks to Fowl’s comment in my previous entry, I tried out setting up the Google news/blogsearch keyword feeds for Bugzilla in Google Reader, and then individually sharing each of the entries that were actually about Bugzilla, and then using the shared items feed from Google Reader as the newsfeed. It turns out to work …
Continue reading
"Bugzilla news feed now available"
December 07, 2008 08:49 AM
December 02, 2008
David Miller
Bugzilla in the news
Dear LazyWeb…  🙂 I like to know how Bugzilla’s being talked about out in the world, so I subscribe to Google’s handy news and blog alert services where you can put in keywords and they’ll send you an email every time a new blog or news article shows up containing that/those keywords. This works really …
Continue reading
"Bugzilla in the news"
December 02, 2008 02:00 AM
September 02, 2008
David Miller
bugzilla.mozilla.org update
On Friday, I pushed a small update to bugzilla.mozilla.org that fixed bug 452799, where users who didn’t have ‘canconfirm’ privs in Bugzilla were posting bugs that had a status of NEW rather than UNCONFIRMED. This morning, I pushed an update to bugzilla.mozilla.org containing a plethora of additional fixes to address concerns raised since the Bugzilla …
Continue reading
"bugzilla.mozilla.org update"
September 02, 2008 02:32 PM
Feeds:
Atom
RSS 2.0
RSS 1.0
Subscription list:
FOAF
OPML
Last update: April 24, 2026 08:25 PM
All times are UTC.
Subscriptions
Bugzilla Tips
(feed)
Bugzilla Update
(feed)
David Miller
(feed)
Dylan Hardison
(feed)
Emmanuel Seyman
(feed)
Gervase Markham
(feed)
Mark Côté
(feed)
You can also follow a number of our contributors (some of whom don't blog)
on Twitter
Mozilla Foundation
Get Involved!
Maintained by
Bugzilla Webmasters
, powered by
Planet Venus
US