Moin, On Nov 21, 13 14:16:48 -0200, Claudio Freire wrote:
On Thu, Nov 21, 2013 at 1:04 PM, Stefan Behlert <behlert@suse.de> wrote:
Or... just file a new bnc with the non-sensitive description, a link to the private bnc, and add that to the changelog.
You are aware that we are talking about thousands of bugreports in the worst case?
No, I do not have SUSE stats.
This would mena that someone has to do this e.g. for all referenced security bugs, all SLES/SLED bugs and much more.
Supposedly, the work for extracting a minimal description of the bug into a public source would be small compared to actually fixing the bug.
Which could (and should) be added to the changelog then - not in a new bug. In my opinion.
Just to make this clear: Yes, we try to file as many bugs against openSUSE as possible, but there are still a lot left.
I wonder what is planned to achieve with that checking? You are not gaining any more information, as I doubt that a lot of people would really duplicate a (closed) security bug and strip of all related information (which btw makes the duplication worthless).
You are just taking information for some people away.
It is really really wrong to reference a bnc by number on a changelog when that bnc is private. It adds obscurity into the community and that's bad.
I agree with you in general, but I think it's worse to NOT have it referenced. And my fear (and from some past experiences I think it's a realistic fear) it will not end with people duplicating bug reports.
I agree that automatically checking and giving no exception mechanism puts SUSE employees in a position where they will probably choose to not a) push the change into openSuse, or b) reference the bug at all, and that's also bad.
But lets not forget that adding obscure changelogs *is* *quite* *bad* in open source.
I think if the short description in the changelog is "obscure", it's not because of the bugnumber ;) Realistically, if the changelog is good, how many people check all the bugnumbers? (Note: In an enterprise world the number here is 100% or close to, but I have my doubts that in openSUSE this is identical. But I have no numbers, so feel free to correct me.)
So, what do you propose? What *can* SUSE employees do to improve that situation?
My suggestion is to NOT change the current behavior, but put more emphasis on good changelog texts. Maybe a warning to the submitter is the best choice, so that he or she can check and (if possible) adjust the state of the bug? I am not claiming to have a solution, though :( My goal is to avoid disadvantages for openSUSE, as I think that all products will suffer - openSUSE as well as the Enterprise, as it could result in the loss of synergies. Stefan -- Stefan Behlert, SUSE LINUX Project Manager Enterprise Server Maxfeldstr. 5, D-90409 Nuernberg, Germany Phone +49-911-74053-173 SUSE LINUX Products GmbH, Nuernberg; GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org