On Friday 22 November 2013, Stefan Behlert wrote:
Moin,
On Nov 21, 13 14:16:48 -0200, Claudio Freire wrote:
On Thu, Nov 21, 2013 at 1:04 PM, Stefan Behlert <behlert@suse.de> wrote:
Or... just file a new bnc with the non-sensitive description, a link to the private bnc, and add that to the changelog.
You are aware that we are talking about thousands of bugreports in the worst case?
No, I do not have SUSE stats.
This would mena that someone has to do this e.g. for all referenced security bugs, all SLES/SLED bugs and much more.
Supposedly, the work for extracting a minimal description of the bug into a public source would be small compared to actually fixing the bug.
Which could (and should) be added to the changelog then - not in a new bug. In my opinion.
Just to make this clear: Yes, we try to file as many bugs against openSUSE as possible, but there are still a lot left.
I wonder what is planned to achieve with that checking? You are not gaining any more information, as I doubt that a lot of people would really duplicate a (closed) security bug and strip of all related information (which btw makes the duplication worthless).
You are just taking information for some people away.
It is really really wrong to reference a bnc by number on a changelog when that bnc is private. It adds obscurity into the community and that's bad.
I agree with you in general, but I think it's worse to NOT have it referenced. And my fear (and from some past experiences I think it's a realistic fear) it will not end with people duplicating bug reports.
I agree that automatically checking and giving no exception mechanism puts SUSE employees in a position where they will probably choose to not a) push the change into openSuse, or b) reference the bug at all, and that's also bad.
But lets not forget that adding obscure changelogs *is* *quite* *bad* in open source.
I think if the short description in the changelog is "obscure", it's not because of the bugnumber ;) Realistically, if the changelog is good, how many people check all the bugnumbers?
Packagers are doing it. If you read patch-xyz has been added because of bnc1234 then 1234 must be public.
(Note: In an enterprise world the number here is 100% or close to, but I have my doubts that in openSUSE this is identical. But I have no numbers, so feel free to correct me.)
So, what do you propose? What *can* SUSE employees do to improve that situation?
My suggestion is to NOT change the current behavior, but put more emphasis on good changelog texts.
You should log out from bugzilla for one week to get the feeling of us 2nd class packagers. It's not much fun with all these random non-sense bug numbers.
Maybe a warning to the submitter is the best choice, so that he or she can check and (if possible) adjust the state of the bug?
I am not claiming to have a solution, though :( My goal is to avoid disadvantages for openSUSE, as I think that all products will suffer - openSUSE as well as the Enterprise, as it could result in the loss of synergies.
Just kick out that closed bug numbers. It makes no sense that 99% of the ones who read it can't access it. I would rather support to add chinese text to the changelog than keeping these annyoing "dead links". cu, Rudi -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org