Re: [opensuse-packaging] factory-auto will start checking bnc# visibility
On Friday 22 November 2013, Stefan Behlert wrote:

On Nov 21, 13 14:16:48 -0200, Claudio Freire wrote:
On Thu, Nov 21, 2013 at 1:04 PM, Stefan Behlert <behlert@xxxxxxx>
Or... just file a new bnc with the non-sensitive description, a
link to the private bnc, and add that to the changelog.

You are aware that we are talking about thousands of bug reports
in the worst case?

No, I do not have SUSE stats.

This would mean that someone has to do this e.g. for all
referenced security bugs, all SLES/SLED bugs and much more.

Supposedly, the work for extracting a minimal description of the
bug into a public source would be small compared to actually fixing
the bug.

Which could (and should) be added to the changelog then - not in a
new bug. In my opinion.

Just to make this clear: Yes, we try to file as many bugs against
openSUSE as possible, but there are still a lot left.

I wonder what is planned to achieve with that checking?
You are not gaining any more information, as I doubt that a lot
of people would really duplicate a (closed) security bug and
strip off all related information (which btw makes the duplication

You are just taking information for some people away.

It is really really wrong to reference a bnc by number on a
changelog when that bnc is private. It adds obscurity into the
community and that's bad.

I agree with you in general, but I think it's worse to NOT have it
referenced. And my fear (and from some past experiences I think it's
a realistic fear) it will not end with people duplicating bug

I agree that automatically checking and giving no exception
mechanism puts SUSE employees in a position where they will
probably choose to not a) push the change into openSUSE, or b)
reference the bug at all, and that's also bad.

But let's not forget that adding obscure changelogs *is* *quite*
*bad* in open source.

I think if the short description in the changelog is "obscure", it's
not because of the bugnumber ;)
Realistically, if the changelog is good, how many people check all
the bugnumbers?

Packagers are doing it. If you read patch-xyz has been added because of
bnc1234 then 1234 must be public.

(Note: In an enterprise world the number here is 100% or close to,
but I have my doubts that in openSUSE this is identical. But I have
no numbers, so feel free to correct me.)

So, what do you propose? What *can* SUSE employees do to improve
that situation?

My suggestion is to NOT change the current behavior, but put more
emphasis on good changelog texts.

You should log out from bugzilla for one week to get the feeling of us
2nd class packagers. It's not much fun with all these random nonsense
bug numbers.

Maybe a warning to the submitter is
the best choice, so that he or she can check and (if possible) adjust
the state of the bug?

I am not claiming to have a solution, though :(
My goal is to avoid disadvantages for openSUSE, as I think that all
products will suffer - openSUSE as well as the Enterprise, as it
could result in the loss of synergies.

Just kick out those closed bug numbers. It makes no sense that 99% of the
ones who read it can't access it. I would rather support adding Chinese
text to the changelog than keeping these annoying "dead links".

