The version of bugzilla on the FreeDOS web site is kind of old, and there have been some security vulnerabilities/updates against it (looks like mainly XSS information leaking.) So I do need to update our version of bugzilla sometime soon. It would be Really Bad to have the www.freedos.org site suspended by SourceForge because our out-of-date bugtracker lead to a break-in on the SourceForge servers. I didn't see any issues that might lead to intrusion, but you never know about future issues.
It's going to be a pain to update bugzilla. Besides that, mail hasn't worked on our bugzilla for a long time due to how SourceForge configures the web server. So I am in the unfortunate position of emailing new users their bugzilla passwords. While a mail workaround is possible, it's kind of a hack and will break when I next update bugzilla. I've never wanted to put in the effort to do it, knowing it would work only until the next bugzilla update, then I'd have to chase down another solution. So after this update I'd like to look at what else we can do for bug tracking in FreeDOS, something that requires a lot less effort from me. Specifically, I'd really like to move our bugs into the SourceForge Tracker system. A major down-side to the SF Tracker is that there's no way to convert bugzilla bugs into it. I had a few support requests open with SF for over a year now, going back and forth with them through several SF management changes. I even promised to donate $$ to fund them writing such a thing. But they eventually came back with the final decision that this is not something they are able to do, and writing a converter for bugzilla isn't on their priority list for SourceForge anyway. I can understand that. So to move to the SF Tracker, we would basically need to pick a date in the future, and after that date we would not use bugzilla to enter any bugs / feature requests. After that cutover date, the bugzilla database would be put into "update only / no new bugs" for a certain time period, then I would plan to archive the bugzilla bugs to a read-only system and dismantle bugzilla. A few questions for discussion: 1. What do you guys think? Keep our bugs in bugzilla or move to the SF Tracker? (If we keep bugzilla, I really need to pass that to someone else, as I want to start work on an MOT advanced degree this year.) 2. What date do we set for our cutover to the SF Tracker? 3. After the cutover to the SF Tracker, how long do we keep bugzilla in "update only / no new bugs" mode before archiving to read-only? -jh PS - "MOT" is like an MBA, but for people in IT. It's going to be a lot of extra effort, and means more work for me. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Freedos-devel mailing list Freedos-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-devel