On Thu, 26 Mar 2009, Darren J Moffat wrote:
Peter Memishian wrote:
> > > (Now if only I could go back and edit my comment to use that ;)
> >
> > i know you're smiling, but, for the record, this isn't bugster,
> > you can't :).
>
> In general, people should be tolerant of errors and only correct
> comments if it's really necessary.
In my experience (as a submitter/RE for roughly two thousand Solaris bugs)
I *often* need to go back and revise previous entries in order to keep the
problem and solutions statements clear and correct as new information
comes to light. This is especially important for other organizations such
as support and sustaining that use the bug reports to identify and address
issues that exist in older releases. Unclear or incorrect statements in
bug reports cost Sun money and cost customers time.
If this is not supported with Bugzilla, I'd put it on my "must have" list.
To meem's comment, that was captured in the gap analysis Scott & I ran.
I'll post the results in about 2 minutes :)
Though I've only submitted about half of what meem has I completely agree.
I've worked in Sun Service as a support engineer, and in sustaining (now
called RPE) dealing with customer escalations so I've seen the bug database
from several views.
This capability has been with us not just in bugster but the previous bugtraq
and bugtraq+ as well.
There are sometimes other reasons why we need to edit bugs other than
correcting technical information:
simple typos that completely changing the meaning that we
don't catch until seconds after we hit submit. No posting
a follow "correction" comment is the wrong thing here.
Removing sensitive information that was accidentally put in
the wrong place - hopefully with a completely opensolaris.org
hosted bug system the humans entering the info should be more
aware but it won't always be the case.
Given that Bugzilla doesn't (at least as far as I've seen it) have different
comment groupings for "Comments", "Evaluation", "Workaround" etc this is even
more important that we have the ability to edit a past comment.
That is also captured. Due to the way our large organization works,
often someone really just needs to find the workaround to help
provide relief to the customer. Having the workaround mixed in
with the standard debugging comments can make it essentially disappear.
For the record I'm security person and I care about the audit trail of the
bugs - it is important for us getting Common Criteria certification of
OpenSolaris. When a comment is edited it should be logged in the history
trail for the bug. However I don't believe that editing comments that you
made yourself should be an action requiring specific authorisation, or even
for those made by others providing you are warned that it wasn't your comment
(and the change is logged in the history trail).
Auditing is severely lacking, from what I can tell as a bugzilla admin.
Even adminstrative tasks are not audited!
I imagine the "write once" is so much easier to implement from a locking
and auditing perspective, which is probably why so many systems work
like this.
Valerie
--
Valerie Fenwick, http://blogs.sun.com/bubbva
Solaris Security Technologies, Developer, Sun Microsystems, Inc.
17 Network Circle, Menlo Park, CA, 94025.
_______________________________________________
tools-discuss mailing list
tools-discuss@opensolaris.org
