The version of bugzilla on the FreeDOS web site is kind of old, and
there have been some security vulnerabilities/updates against it
(looks like mainly XSS information leaking.) So I do need to update
our version of bugzilla sometime soon. It would be Really Bad to have
the www.freedos.org site suspended by SourceForge because our
out-of-date bugtracker lead to a break-in on the SourceForge servers.
I didn't see any issues that might lead to intrusion, but you never
know about future issues.

It's going to be a pain to update bugzilla. Besides that, mail hasn't
worked on our bugzilla for a long time due to how SourceForge
configures the web server. So I am in the unfortunate position of
emailing new users their bugzilla passwords. While a mail workaround
is possible, it's kind of a hack and will break when I next update
bugzilla. I've never wanted to put in the effort to do it, knowing it
would work only until the next bugzilla update, then I'd have to chase
down another solution. So after this update I'd like to look at what
else we can do for bug tracking in FreeDOS, something that requires a
lot less effort from me.

Specifically, I'd really like to move our bugs into the SourceForge
Tracker system.

A major down-side to the SF Tracker is that there's no way to convert
bugzilla bugs into it. I had a few support requests open with SF for
over a year now, going back and forth with them through several SF
management changes. I even promised to donate $$ to fund them writing
such a thing. But they eventually came back with the final decision
that this is not something they are able to do, and writing a
converter for bugzilla isn't on their priority list for SourceForge
anyway. I can understand that.

So to move to the SF Tracker, we would basically need to pick a date
in the future, and after that date we would not use bugzilla to enter
any bugs / feature requests. After that cutover date, the bugzilla
database would be put into "update only / no new bugs" for a certain
time period, then I would plan to archive the bugzilla bugs to a
read-only system and dismantle bugzilla.


A few questions for discussion:

1. What do you guys think? Keep our bugs in bugzilla or move to the SF
Tracker? (If we keep bugzilla, I really need to pass that to someone
else, as I want to start work on an MOT advanced degree this year.)

2. What date do we set for our cutover to the SF Tracker?

3. After the cutover to the SF Tracker, how long do we keep bugzilla
in "update only / no new bugs" mode before archiving to read-only?



-jh


PS - "MOT" is like an MBA, but for people in IT. It's going to be a
lot of extra effort, and means more work for me.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Freedos-devel mailing list
Freedos-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-devel

Reply via email to