I knew I had seen an apache issue tracker project... https://bloodhound.apache.org/ which evidently descends from Trac, but it appears to be more or less dead with no activity easily seen since 2014 :(
On Mon, May 9, 2022 at 10:27 AM Gus Heck <[email protected]> wrote: > Ok my quick search led me astray I somehow thought Jackrabbit was an > isuse tracker because I landed on that page first.. disregard that. > > On Mon, May 9, 2022 at 10:19 AM Gus Heck <[email protected]> wrote: > >> On the suggestion of private security only repo in another mail... that >> seems to mean security issues can never be made public? Presently we have a >> culture of openness where once the issue is resolved and a fix release we >> share the discussion. I think that's good since it can then lead security >> researchers or others to test our fix better and users can better >> understand why we had to remove something or whatever. >> >> responses inline >> >> On Sun, May 8, 2022 at 11:51 PM Marcus Eagan <[email protected]> >> wrote: >> >>> Many of my opinions have been expressed, and of course my (non-binding) >>> vote for switching to GitHub issues is of little to no consequence. >>> >>> >> Binding votes are not the only important votes, as Tomoko pointed out. >> >> >>> I feel it would be wholly damaging to the Microsoft brand to pull the >>> rug under the many open source projects owned by non-profits and hosted >>> entirely on GitHub. Their leadership is trending toward the good and any >>> absurd actions like that would have very serious ramifications for their >>> business. I think it's a non-issue for the foreseeable future that is >>> outweighed by the benefits of shedding Jira. Furthermore, here's a short >>> list of tutorials >>> <https://gist.github.com/MarcusSorealheis/c3e5055442b89fdf0d32c392e95ea314> >>> for >>> migrating back to Jira in a doomsday scenario. >>> >> >> I don't disagree, and I acknowledge that the recent trend is much >> improved, but It's a lever by which an external company motivated by profit >> can disrupt us if it happens to be in their interest. (besides profit, >> there could be political motives etc, Imagine prominent pmc members expose >> a flaw that really hurts them or sign some sort of open letter in favor of >> a political candidate that explicitly wants to target them with antitrust >> laws... not that happens anymore in the US but nevermind... ). >> >> I have a bias for the ASF and its projects to be self-sufficient >> where feasible, and while loss of donations would be an issue >> regardless, that would have to be at the ASF level and couldn't target >> specific projects or individuals making it far less attractive. One can >> argue that the irritations in Jira are making it infeasible, but that's my >> bias. >> >> >>> >>>> - No way to enforce that a resolution label is applied to the issue. >>>> >>>> We can enforce labels. It will require some customization to some of >>> the existing options. Here is a popular one >>> <https://github.com/marketplace/actions/require-labels>. >>> >> >> Hmm those are labels on PR's not issues. Github does not have an issue/pr >> direct linking >> >> Which reminds me I don't think there's a way to link issues such as "this >> one blocks that one" or "This one is related to that one", etc. >> >> >>> >>> >>>> - Document with each issue the Affected version and the fixed >>>> version. >>>> >>>> There are many ways to do this one. The simplest is the issue template >>> <https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository>. >>> There are many others, though. >>> >> >> It seems that an issue template would put this information in a comment >> where it's not filterable, and would need to be maintained. >> >> There does seem to be an edit history but is there a label history? In >> Jira basically any action on the issue is auditable. Imagine someone >> registers an account and does something malicious (say someone who didn't >> like us went and removed labels from a ton of issues? how would we know >> who, and what labels to put back?). Hard to imagine perhaps, but the >> internet is large and contains a large number of weirdos... >> >> >>> >>> Jira is very robust, but it is daunting. It seems that to make this >>> proposal viable, a few members of the community need to commit to setting >>> up and facilitating the transition. To me, it feels like a two month >>> effort. >>> >>> Regarding .patch files, I think there are very few systems that still >>> rely on them. >>> >> >> If we as a group decide to drop support for them, that's a possible >> decision. It might need to precede the move to GitHub. >> >> >>> , I despise how annoying Jira gets and think that more developers could >>> get involved if we removed that dependency. GitHub actions give us lots of >>> customizability. >>> >> >> Oh yes. Did you note my all caps words ;) I'm in no way suggesting that >> Jira is particularly friendly to use. It's particularly frustrating that >> half the things I listed look like they should be relatively easy to fix >> and in one case they did it to themselves for no reason I can fathom. >> Context and performance really being harder (context would take some >> careful design so that the users who want to work across projects still >> can, and really users like me would want a 2 project context...). I suspect >> however that actions can't overcome the fact that Github doesn't store >> distinct fields so unless we have some way of pulling data out of issue >> comments and making it searchable, under separate fields, there will be >> gaps. >> >> It's been a long time since I've tried to look around in the issue >> tracker space. Are there 3rd options that might be easier to use, under our >> direct control and perhaps easier to influence. I've not looked at it, what >> do we know about https://jackrabbit.apache.org/jcr/issue-tracker.html ? >> Would have a nice ASF using it's own software angle... >> >> > > -- > http://www.needhamsoftware.com (work) > http://www.the111shift.com (play) > -- http://www.needhamsoftware.com (work) http://www.the111shift.com (play)
