
Hey coreboot folks, people were nagging me to set up a bug tracker for the project. Last time we dicussed that, we mostly quibbled over the UI and data model (whether the tracker should feature free form vs. structured data bug entry), and that's a discussion I don't want to participate in, so I'm staying out of the decision which bug tracker it should be. My offer is: Figure out (collectively) what issue tracker is suitable for coreboot, promise you'll help keeping it clean (so it doesn't become a graveyard like our trac instance), and I'll set it up. Only four constraints as far as I'm concerned: 1. It must be somewhat CPU efficient. Funnily that rules out trac. 2. It must be maintained. I have no interest in watching out for XSS issues myself. 3. It must be OSI friendly licensed. Jira and similar "special license for open source projects we like" stuff doesn't count. 4. It must run on Linux (since that's what the server uses) It also shouldn't be too esoteric. I reserve the right to simply give up if installing the tracker involves having to figure out how to set up an S/360 emulator, then build the open source issue tracker using a K compiler that can only be found on Abandonware websites that are written in scripts (as in character sets) that I can't read. Patrick -- Google Germany GmbH, ABC-Str. 19, 20354 Hamburg Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle

2015-11-03 19:17 GMT+01:00 Patrick Georgi <pgeorgi@google.com>:
Hey coreboot folks,
people were nagging me to set up a bug tracker for the project.
Last time we dicussed that, we mostly quibbled over the UI and data model (whether the tracker should feature free form vs. structured data bug entry), and that's a discussion I don't want to participate in, so I'm staying out of the decision which bug tracker it should be.
My offer is: Figure out (collectively) what issue tracker is suitable for coreboot, promise you'll help keeping it clean (so it doesn't become a graveyard like our trac instance), and I'll set it up.
Only four constraints as far as I'm concerned: 1. It must be somewhat CPU efficient. Funnily that rules out trac. 2. It must be maintained. I have no interest in watching out for XSS issues myself. 3. It must be OSI friendly licensed. Jira and similar "special license for open source projects we like" stuff doesn't count. 4. It must run on Linux (since that's what the server uses)
It also shouldn't be too esoteric. I reserve the right to simply give up if installing the tracker involves having to figure out how to set up an S/360 emulator, then build the open source issue tracker using a K compiler that can only be found on Abandonware websites that are written in scripts (as in character sets) that I can't read.
http://www.flyspray.org/ (yes, from edgewall) Quoting http://trac.edgewall.org/wiki/FlySpray "Flyspray's development stalled in 2013, but restarted in 2015 with the promise to deliver version 1.0 in April-June 2015." It's now at 1.0b2
Patrick -- Google Germany GmbH, ABC-Str. 19, 20354 Hamburg Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
-- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/03/2015 12:17 PM, Patrick Georgi wrote:
Hey coreboot folks,
people were nagging me to set up a bug tracker for the project.
Last time we dicussed that, we mostly quibbled over the UI and data model (whether the tracker should feature free form vs. structured data bug entry), and that's a discussion I don't want to participate in, so I'm staying out of the decision which bug tracker it should be.
My offer is: Figure out (collectively) what issue tracker is suitable for coreboot, promise you'll help keeping it clean (so it doesn't become a graveyard like our trac instance), and I'll set it up.
Only four constraints as far as I'm concerned: 1. It must be somewhat CPU efficient. Funnily that rules out trac. 2. It must be maintained. I have no interest in watching out for XSS issues myself. 3. It must be OSI friendly licensed. Jira and similar "special license for open source projects we like" stuff doesn't count. 4. It must run on Linux (since that's what the server uses)
It also shouldn't be too esoteric. I reserve the right to simply give up if installing the tracker involves having to figure out how to set up an S/360 emulator, then build the open source issue tracker using a K compiler that can only be found on Abandonware websites that are written in scripts (as in character sets) that I can't read.
Patrick
Is Bugzilla out of the question? - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) http://www.raptorengineeringinc.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJWORE8AAoJEK+E3vEXDOFb/YQH/jXGbKa5kWiWCBSv0Z/3YZEz IUcmWtZw7MAUakdVtnyJoh1p7iU3ehwMXXA4qUb+j5KIcuTLE2NXLF90iur9dKVf nzxcB2EB6TnB+kmiHY2Nc07GE+P0z6MkvkxUzF33C1CwpZKznXeMmVIqwvTvuo6Z BQr5iCSSjriACGv8JBfdanIiis8/vJfV4T8RYZA26N6ql9JJhqtz/2qI+K1xRqwD kxuyFP2gcD5W5t2+r3Cm2DdobeOYP4LedaEgddVw7y9cjEVN7rbdi5ehAwQgC6MH iH+c/m65dKeAGfwYLbO3Po+aPaLlIBURhxlAEp+p8JLRYhP4JzNOli6ScFbNK1k= =s5Yg -----END PGP SIGNATURE-----

2015-11-03 19:17 GMT+01:00 Patrick Georgi <pgeorgi@google.com>:
people were nagging me to set up a bug tracker for the project. Well, to add, lynxis (Alexander Couzens) offers to setup a redmine instance. Since that removes admin duties from me, I'm quite in favor of that.
So, redmine? Patrick -- Google Germany GmbH, ABC-Str. 19, 20354 Hamburg Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle

I'm good with redmine, and if Lynxis is going to be the administrator, I think it's reasonable that he should be able to decide in what he's going to be working on. I had done some looking and thinking about before Lynxis offered to set up redmine, so I'll still present those items. These were my questions about what the community wanted from a bug tracker: - Is git integration needed or desired? (It might be nice, but I didn't think it was needed) - How about IRC integration? (I'd say no, but i wanted to put it out there) - Any requirements on the language that the tracker is written in? Python, Perl, Php, and Ruby seem to be the choices. - Are there any required login methods? Does it need to support the login types that review.coreboot.org supports? - Is (anonymous) public reporting desired, or do we want to require sign-in and user validation first? (I'd vote for sign in) These were the results of looking through all of the various defect trackers - mostly from wikipedia's page: https://en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems System Git License Language demo or example Bugzilla Yes MPL Perl https://landfill.bugzilla.org/ Flyspray No? LGPL 2.1 PHP https://bugs.flyspray.org/ MantisBT Yes GPL PHP https://www.mantisbt.org/bugs/my_view_page.php Redmine Yes GPLv2 Ruby http://demo.redmine.org/ Roundup No MIT Python http://issues.roundup-tracker.org/ The Bug Genie Yes Mozilla PHP http://www.opensourcecms.com/scripts/details.php?scriptid=307&name=The%2520B... I did like the looks of Flyspray - It seems pretty light weight - as opposed to bugzilla, which seems overly large for what we need. MantisBT and Redmine were the others that I though looked interesting. Roundup and The Bug Genie didn't particularly appeal to me, but they seemed fit the criteria. Trac and Apache Bloodhound were also initially on my list, but I removed them due to Patrick's comments. Martin On Wed, Nov 4, 2015 at 1:10 AM, Patrick Georgi <pgeorgi@google.com> wrote:
2015-11-03 19:17 GMT+01:00 Patrick Georgi <pgeorgi@google.com>:
people were nagging me to set up a bug tracker for the project. Well, to add, lynxis (Alexander Couzens) offers to setup a redmine instance. Since that removes admin duties from me, I'm quite in favor of that.
So, redmine?
Patrick -- Google Germany GmbH, ABC-Str. 19, 20354 Hamburg Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
-- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot

Martin Roth wrote:
Trac and Apache Bloodhound were also initially on my list, but I removed them due to Patrick's comments.
FWIW I'd be happy to host a Trac instance for coreboot. But I'd rather that lynxis runs a redmine, so that I don't have to. ;) //Peter

2015-11-04 16:57 GMT+01:00 Martin Roth <gaumless@gmail.com>:
- Are there any required login methods? Does it need to support the login types that review.coreboot.org supports? redmine has an omniauth plugin that should allow OpenID and OAuth2 (Google/Github flavor). I'd prefer using that over yet another account database.
- Is (anonymous) public reporting desired, or do we want to require sign-in and user validation first? (I'd vote for sign in) We're lucky with gerrit (or maybe OpenID is enough of a hurdle), but anonymous bug trackers tend to be extremely maintenance heavy to sort out the spam. I'd go for requesting OpenID/OAuth accounts, similar to gerrit.
Patrick -- Google Germany GmbH, ABC-Str. 19, 20354 Hamburg Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/05/2015 12:00 PM, Patrick Georgi wrote:
2015-11-04 16:57 GMT+01:00 Martin Roth <gaumless@gmail.com>:
- Are there any required login methods? Does it need to support the login types that review.coreboot.org supports? redmine has an omniauth plugin that should allow OpenID and OAuth2 (Google/Github flavor). I'd prefer using that over yet another account database.
- Is (anonymous) public reporting desired, or do we want to require sign-in and user validation first? (I'd vote for sign in) We're lucky with gerrit (or maybe OpenID is enough of a hurdle), but anonymous bug trackers tend to be extremely maintenance heavy to sort out the spam. I'd go for requesting OpenID/OAuth accounts, similar to gerrit.
Patrick
+2 on the OpenID suggestion; I don't like having to maintain what effectively become throwaway accounts on various third-party systems. - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) http://www.raptorengineeringinc.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJWO55gAAoJEK+E3vEXDOFbZ0MIAKIjUX7KCiaADYe1Wpep+vir v4BDlpZdTlkby5xv2SJXCfGbRZsEP247yRL01dkT129uYGn3Nm3HQpduVfOkoJ5P QBVPUvVGvUJThfbnknpET0c+Xsqlth8m5AgfIqxDhlwf3ozzd7c6yD3SQcr3IGzP yT1W+rkPixXw2DNpVzLXWjGrmvNDCUnUylxuw/E7rOnTvsccJd3aMfTBt/m0Sip1 nBjD8PsRL1hcj+A8XD/RzGdshsuPCb6i8sdsaWE4sHLzZI1w2rE8/VNxjrYVGXx9 0dDepc8INu6f1kIIB2P7TOus+NhMNFsUiXPmRx3lkr/mBkGbuos3USWhervbsQg= =9QFi -----END PGP SIGNATURE-----

* Timothy Pearson <tpearson@raptorengineeringinc.com> [151103 20:55]:
Is Bugzilla out of the question?
I would like Bugzilla, too. Stefan

* Patrick Georgi <pgeorgi@google.com> [151105 19:00]:
2015-11-04 16:57 GMT+01:00 Martin Roth <gaumless@gmail.com>:
- Are there any required login methods? Does it need to support the login types that review.coreboot.org supports? redmine has an omniauth plugin that should allow OpenID and OAuth2 (Google/Github flavor). I'd prefer using that over yet another account database.
+2!
- Is (anonymous) public reporting desired, or do we want to require sign-in and user validation first? (I'd vote for sign in) We're lucky with gerrit (or maybe OpenID is enough of a hurdle), but anonymous bug trackers tend to be extremely maintenance heavy to sort out the spam. I'd go for requesting OpenID/OAuth accounts, similar to gerrit.
Looking at how long it took for people to stop sending award bios disassemblies around to the mailing list, I strongly encourage not having an anonymous service. It's not doing the project a good service. Stefan

Let's not do anon service. Our last bug tracker became a transit point for all kinds of junk. ron

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/09/2015 05:04 PM, ron minnich wrote:
Let's not do anon service. Our last bug tracker became a transit point for all kinds of junk.
ron
Agreed. OpenID or similar only please. - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) http://www.raptorengineeringinc.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJWQSjdAAoJEK+E3vEXDOFbvKMIALPZ1AZzCBVcoU3JmVgRC9/G Mud2JUQiVLUFX1TiOxmu8f5CIf0Zt6T+XvQH1TtxgkQ8ytnjSyZdEgSmjS8XU63T XZ2qQBHFZOpVrcLRSD71FOc5Q4u3xfBCzF+ldrGTSWDRXvwDuEGG+UcA8hwVTlUW rUWhZeLdPL9aJTOBg4pCqorfxuIGs6BBKiyNqk006duxN2FPiNNQOwg8FUugK7Rn 1wo/lMzSNE2sKv5U1b2UqXVQcvbpMx7PS7S9MffnEYu/DD78IQotTQqmPZWpxxjA v4dPTXPQouXiFkM2kF+ExkE/nZx6Na//bWaks30qSis8ARO7MzL40kgPDm+yoHs= =8uxg -----END PGP SIGNATURE-----

Hi, I've started to setup a redmine. The openid integration seems to need more improvements, but it should work as soon ssl works (and a another patch applied). @Stefan/Patrick Can you create a CName for ticket.coreboot.org -> coreboot.dtn10.de Next question is, how we handle the ssl stuff. Should we try let's encrypt? Best lynxis On Thu, 5 Nov 2015 09:15:41 -0800 "Alex G." <mr.nuke.me@gmail.com> wrote:
Let's try it.
-- Alexander Couzens mail: lynxis@fe80.eu jabber: lynxis@fe80.eu mobile: +4915123277221 gpg: 390D CF78 8BF9 AA50 4F8F F1E2 C29E 9DA6 A0DF 8604

* Alexander Couzens <lynxis@fe80.eu> [151110 05:30]:
@Stefan/Patrick Can you create a CName for ticket.coreboot.org -> coreboot.dtn10.de
Done.

Hi, I've setted up a bug tracker. https://ticket.coreboot.org/ login/registration via openid, google. New users need a confirmation by zaolin or me. If there is anything missing, I'm happy to receive any feedback. Best, lynxis -- Alexander Couzens mail: lynxis@fe80.eu jabber: lynxis@fe80.eu mobile: +4915123277221 gpg: 390D CF78 8BF9 AA50 4F8F F1E2 C29E 9DA6 A0DF 8604

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/09/2015 10:30 PM, Alexander Couzens wrote:
Hi,
I've started to setup a redmine. The openid integration seems to need more improvements, but it should work as soon ssl works (and a another patch applied).
@Stefan/Patrick Can you create a CName for ticket.coreboot.org -> coreboot.dtn10.de
Next question is, how we handle the ssl stuff. Should we try let's encrypt?
Best lynxis
On Thu, 5 Nov 2015 09:15:41 -0800 "Alex G." <mr.nuke.me@gmail.com> wrote:
Let's try it.
The OpenID login is still not working; additionally I appear to have somehow been locked out of my account and there is no password reset feature (having to handle yet another authentication system with its own bugs is one reason why OpenID was preferred). https://ticket.coreboot.org/issues/15 is still a problem; see latest uploads here: https://review.coreboot.org/gitweb?p=board-status.git;a=commit;h=046dbe64930... Can someone with tracker access please set that bug to reopened? Thanks! - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) http://www.raptorengineeringinc.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJWdDllAAoJEK+E3vEXDOFbUtcIALUC8Q3nRtkJuBoy0ttH6oC9 A5Mn9dHsed6RkvmpmQaP0XRtXg2dQGgTB9FwhIGwImsjY5xwlXfDwbSv4/l8k66Z tDRs4QeKvgr8sAJFn8SHtHyVxv8HU+huJA7s0b+bPTL0CFpkKjCs5vzAheA4G25u TRU0yTXbncLLKLSjs9rO5zyJf1F9YZ44b9oYlKaqr97r4Qw/3NerWJjyhP68WX8S unXVFYUh75RyI8Q/TiCEVNxOH+JmN2KIUV8+BImaZvSEAOvng3uDqOuOqg6plLAb 2KJUqY9CYTUhJi0kzyQZCMGq+rqLCwBTxIuN9dZihvdh4PhLcGCVVjbWtCq4n6w= =pIzG -----END PGP SIGNATURE-----
participants (9)
-
Alex G.
-
Alexander Couzens
-
Idwer Vollering
-
Martin Roth
-
Patrick Georgi
-
Peter Stuge
-
ron minnich
-
Stefan Reinauer
-
Timothy Pearson