Weekly Edition
Return to the Distributions page
| |||||||||||||
Which bug tracker?It is something of a recurring question in the Linux world: where should users file bug reports, with the distribution or the upstream project? There are pros and cons to each side, but there are some subtleties. Generally, the first bug report will come to the distribution, but how it should be handled from there, and who is in the best position to work with the upstream project on a bug, is sometimes contentious. The topic came up again in a thread on the fedora-devel mailing list started by Florian Weimer, who asked about the preferred place to file bugs, enhancement requests in particular. Requests for enhancement are something of a special case, really, because they typically represent a personal preference that may or not be shared by others—the package maintainer, for example. As Rex Dieter put it, it should be up to the maintainer's discretion:
Obviously, if
it's something they are interested in or is important, it likely is in their
best interest to help move feature requests upstream. If not, well, then
that burden is probably best left to you (or some other interested party).
That dispensed with the feature request question for the most part, and the thread moved on to the larger question of bug reports and the responsibilities of a package maintainer. Jóhann B. Guðmundsson took a hard line on what maintainers should do:
Yes it's the distribution maintainers responsibility to forward that
request upstream if that is the case followed by notifying the reporter
they have done so with a link to the upstream report in the relevant bug
report in bugzilla.redhat.com.
But others were not so absolute. Many of Fedora's packagers are volunteers, so it is difficult to expect them to devote their time to working with upstream projects on bugs they may not even be able to reproduce. In those cases, it makes more sense to refer the reporter to the upstream bug tracker so that they can work with the project on solving the bug. Jeffrey Ollie outlined some of those reasons packagers may not be able, or sometimes willing, to be the go-between for the bug reporter and the project. He notes that it is not part of his regular job to maintain packages. In addition, many of the bugs reported are not those he can track down himself, but, when he can, he does try to look into the problem: "For most bug reports, I'm willing to take a little bit of time and see if there's a new release I've missed or if the bug has been already identified upstream and there's a patch that can be applied." Guðmundsson replied with an unbending view: "Then you should not be maintaining that component". Others saw things differently, finding a bit more room for divergent opinions. Richard Shaw noted that a programming background isn't required to be a packager for Fedora, while others took umbrage at the tone. Ollie said that there is no one right answer, as it depends on a number of factors:
The tl;dr summary is that there shouldn't be a single
standard for what we expect of packagers, especially in the context of
what to expect when bugs are filed against their packages on Red Hat's
bugzilla. My view is that expectations are going to depend on the
criticality of the package to Fedora (kernel, installer, default
desktop stack) and the packager (are they being paid to maintain the
package in Fedora or are they volunteering their time).
Package maintainers are not necessarily intimately familiar with the code for the project—or projects—they maintain. Building the code and pulling it into an RPM file is all that is really required. Having maintainers that are knowledgeable about the code is certainly desirable, but may not be all that realistic. Given that, it probably makes sense not to have a rigid policy. Eric Smith put it this way:
For some of the packages I maintain, I am able to do some
bug fixing myself, and forward the patches upstream. For other
packages, I have done the packaging because I use the software, but I
am not at all knowledgeable about the innards, and get lost quickly
trying to fix any bugs. I think it's reasonable in those cases to
advise that the user report the bugs upstream.
But, as Ian Pilcher pointed out, bugs filed upstream by a package maintainer may carry more weight than a user's bug would. It is not a malicious act by the project, he said, more of a "social triage" to try to separate the wheat from the chaff. "In many cases, the Fedora packager has built up a level of credibility with the development community that could get a bug report the attention that it deserves." The Fedora package maintainer responsibilities document contains a lot of suggestions for how packagers should work with upstreams, but doesn't actually require all that much. For example, it is recommended that packagers "forward severe bugs upstream when possible for assistance". It also suggests that bugs reported be dealt with in a timely manner, possibly with the assistance of co-maintainers or others more familiar with the code (including the upstream project). Bug reports vary widely in their quality, but those generated from distributions are often not very applicable upstream as well. Distributions tend to lag project releases, so the version that the distribution user is reporting a bug against may well be one or more releases behind the project's version. Many projects aren't terribly interested in bugs in older versions, and would rather see whether the bug exists in the latest release. Other projects are only interested in bugs that are reproducible in the latest code in their source code repository. In either of those cases it may be difficult for a user (or even a packager) to determine whether the bug is still present, which just throws up one more barrier to bug reporting. Systems like Ubuntu's Launchpad, where upstream bugs can be linked to the distribution bug report may help, but don't solve some of the underlying problems inherent in bug reporting. Bug handling is not primarily a technical problem, though some technical measures may help. Getting better bug reports from users, with reproducible test cases and all the required information is, to a large extent, a social problem. Back in early 2011, we looked at a similar discussion in the Debian community, which touched on earlier Fedora struggles with the problem as well. Handling bugs is tricky for any number of reasons, and it is hard to imagine that there is "one true policy" out there that would alleviate most or all of the problems. Proper bug handling just depends on too many variables to make any kind of rational, hard-and-fast rules about it. Discussions like these can only help devising guidelines and best practices, though, and we will undoubtedly see them pop up again. (Log in to post comments)
Which bug tracker? Posted Jun 27, 2013 1:28 UTC (Thu) by lisandropm (subscriber, #69317) [Link]
s/Fedora/$YOUR_DISTRO/ and the thread would have gone the same way.
For some bugs people fill in Debian's BTS I usually send a template saying something like "The bug you reported is an upstream bug. Please do foo and var to report it upstream. You can also link it to this bug doing blah".
Of course, there will be cases in which I may be mistaken and the bug was actually a packaging one, some others may be debatable, some are OK. But so far the income seems to be that bug reporters do forward the bug upstream.
Which bug tracker? Posted Jun 27, 2013 4:07 UTC (Thu) by pabs (subscriber, #43278) [Link]
As an upstream, I look at the bug trackers, support queries, patches and packagaging repos (for hacks I could fix in a better way) for all the redistributors that I can find. I do this approximately once per release but I don't release often. I find links to these using whohas and search engines and then add links in the upstream bug/patch/support trackers to the downstream trackers. One day I would like to be using sd for this so I can get all bugs from upstream and downstream on my laptop.
As a user, I prefer to report to both Debian and upstream but sometimes they are one and the same or I'm feeling lazy.
Which bug tracker? Posted Jun 27, 2013 7:03 UTC (Thu) by micka (subscriber, #38720) [Link]
Upstream bugtrackers are a pain, in general.
First, you must find them. I can't count the times where I had to skim through the website for a hidden link to the tracker. Sometimes, it's nicely exposed on the home page, other times it's hidden under "contribute" or "developpers".
Then, you're confronted to the tracker itself, with their diverging terminology (is it a bug ? is it a ticket ?) and their interface can be a pain (trac being aworst case, in my opinion).
And then... You need to register. Yes, for each and every package, if you want to report a bug, you have to create an account at least once. Multiple time if you happen to forget you account id or password in the time between two reports. The only benefit I see is that you can get mail notifications, and that's nice but that doesn't require an account, only giving an email address at bug creation.
So yes, using the distribution tracker has the same problem, but you only learn once (where to find it, how to search for bugs, how you report etc.).
One big step that would help is upstream accepted unregister bug reporting.
Which bug tracker? Posted Jun 27, 2013 11:39 UTC (Thu) by sionescu (subscriber, #59410) [Link]
That's not true, many projects use launchpad or github.
Which bug tracker? Posted Jun 27, 2013 12:05 UTC (Thu) by madscientist (subscriber, #16861) [Link]
GNU's Savannah site also accepts unregistered reporting. Of course if you report a bug anonymously you don't get notified when it's fixed.
The big problem with unregistered reporting (and commenting) is spam. Spammers are why we can't have nice things on the internet.
Which bug tracker? Posted Jun 27, 2013 12:06 UTC (Thu) by micka (subscriber, #38720) [Link]
...and Sourceforge. Yes, less and less, and that's not a bad thing.
And many project have their own instance of Redmine, Trac, bugzilla. Happily, I have not seen any Mantis recently.
It's not a bad thing that projects have "private" trackers, it's just they should be proeminent and without registration/authentication.
BTW, I have never (yet ?) reported anything on Launchpad. Are there many projects there ?
Which bug tracker? Posted Jun 28, 2013 17:06 UTC (Fri) by iabervon (subscriber, #722) [Link]
Actually, what I think would be awesome is if common "private" trackers accepted OpenID (or such) and distro trackers provided it. That way, users could maintain their bug-reporting identity with their distro, and already have authenticated access to upstream trackers.
Which bug tracker? Posted Jun 27, 2013 8:18 UTC (Thu) by ovitters (subscriber, #27950) [Link]
I removed myself as a package maintainer from Mageia packages due to the expectation that you're responsible for every single bugreport. You have to handle upstream, figure out the cause, etc. It eats up loads and loads of time. At the same time it is stupid work, if a package doesn't differ too much from upstream a forward to upstream results in a very quick response.
Then aside from that you have the bugs triggered by decisions elsewhere in the distribution. E.g. Mageia changing the gtk+ and icon theme. Bugs caused by that are possibly a bug in the application. However, upstream won't care too much or says that the bug is in the other theme. Then as a packager you're on your own as it becomes an argument regarding that another theme should just work and that you're the package maintainer and you should just fix it.
Things like this removes all the fun. It would be better if you're not solely responsible. I like packaging, ensuring that new versions are available. I don't like the vast amount of time spent playing politics or just acting as a go between.
Which bug tracker? Posted Jun 27, 2013 9:20 UTC (Thu) by dgm (subscriber, #49227) [Link]
> I don't like the vast amount of time spent playing politics or just acting as a go between.
In other words, you like the credit but avoid the responsibility.
Which bug tracker? Posted Jun 27, 2013 11:35 UTC (Thu) by ovitters (subscriber, #27950) [Link]
That aren't other words. For trolling, maybe try Slashdot. I think it is more appropriate there.
I contribute. What the fuck have you done?
Which bug tracker? Posted Jun 28, 2013 11:41 UTC (Fri) by dgm (subscriber, #49227) [Link]
Write code. Maybe you used it to contribute.
Which bug tracker? Posted Jun 28, 2013 17:28 UTC (Fri) by mathstuf (subscriber, #69389) [Link]
There are packages I maintain in Fedora because I use them and they've been orphaned and I wanted to keep them alive, others I maintain because they're dependencies of the package I actually care about. If someone has some problem with a package I maintain that's way outside my use cases, I can't always have to time to chase down the issue if it's some bug which only occurs when you're typing with your elbows during a full moon. In these cases, I'd just be wasting time if the person who actually has the issue isn't talking directly with upstream.
As a more extreme and concrete example, take Jeffrey Ollie's maintainership of Asterisk[1]. Under the "maintainers are always the liason" mentality, no one could be Asterisk's maintainer without lots of expensive, specialty hardware. Should Asterisk not be in any distro's repositories?
[1]https://lists.fedoraproject.org/pipermail/devel/2013-June...
Which bug tracker? Posted Jun 27, 2013 12:46 UTC (Thu) by boudewijn (subscriber, #14185) [Link]
As an application maintainer, I am already a bit overwhelmed with bug reports -- I usually dedicate all of my Saturdays and the Sunday morning to bug triaging.
Because Krita is a KDE application, it's really easy for people to report bugs: click help/report bug, then make an account or login and report the bug. No searching needed. And that's fine, I appreciate that reporting a bug is not really fun and takes time away from productive sketching and painting, so every report is welcome. I'd have a problem if the login step would be dropped: I nearly always need to get into conversation with the reporter, and besides, I'm wary of the amount of duplicates that would get entered. Automated duplicate detection would be so awesome.
But while I really appreciate those users who go through their distribution first and only then report to me, or where the distribution package maintainer reports to me (whose work I also really appreciate), it usually really is my bug, not a packaging issue, so a bit of a waste of the package maintainer's time. I never actually manage after a release to go through the distribution's bug trackers to see if there's anything interesting for me either, so if the bug doesn't get upstreamed, I won't see it.
However, for gentoo it usually needs to go into the gentoo bug tracker, and if it's a ubuntu bug, it's likely to belong there as well, it's Ubuntu that needs to fix its out-of-application menubar hacks, not me :-)
Which bug tracker? Posted Jun 27, 2013 13:36 UTC (Thu) by mpr22 (subscriber, #60784) [Link] Debian's bug tracking system has no logins (at least for external reporters), but allows conversation with the reporter just fine.
Which bug tracker? Posted Jun 27, 2013 14:14 UTC (Thu) by boudewijn (subscriber, #14185) [Link]
Yes, that's very nice.
Which bug tracker? Posted Jun 29, 2013 9:19 UTC (Sat) by maxiaojun (subscriber, #91482) [Link]
This is yet another example showing the fact that the current Linux distribution model is deeply flawed.
The current Linux distribution model does provide a bunch of software, but:
1. It is actually a closed system. Source:
2. Except Arch Linux promises to always have latest upstream version, most of the time the version offered is random. For example, why openSUSE 12.3 uses EOL 3.7.10 kernel instead of a longterm one?
3. The user is almost helpless when there is a bug. As the parent article suggests, even filing the bug to the right place can be tricky.
I've been experimenting using Ubuntu without universe enabled. The result is:
1. Some packages from universe is essential to core desktop experience. For example *-bad, *-ugly packages of GStreamer.
2. gem and pip may be enough for Ruby and Python.
3. A good alternative package manager for Unix-flavor software is yet to find. https://github.com/Homebrew/linuxbrew is far from usable yet.
4. A good source of bundled GUI apps is yet to find. http://portablelinuxapps.org/ is pretty close but they focus on 32bit only. 0install and Listaller doesn't seem to provide enough apps.
Which bug tracker? Posted Jun 29, 2013 9:25 UTC (Sat) by maxiaojun (subscriber, #91482) [Link]
The kernel example is probably flawed. End users should generally trust the distribution to offer a usable kernel without bothering to make their own choices. But for other software, it is generally not the case.
Which bug tracker? Posted Jun 29, 2013 10:50 UTC (Sat) by maxiaojun (subscriber, #91482) [Link]
Gentoo Prefix is a bit funny:
Which bug tracker? Posted Jun 29, 2013 19:30 UTC (Sat) by pboddie (guest, #50784) [Link] gem and pip may be enough for Ruby and Python. Platform-neutral Python-specific packaging is probably only sufficient for throwaway sandbox purposes, which is admittedly what a lot of people use it for these days. In most respects it is inferior to mature distribution-specific packaging and dependency management systems. Of course, cutting out the operating system distribution gets you updates a lot more quickly from upstream, but you sacrifice integration with the distribution as a result (and stuff like auditing). Again, for some stuff that you throw into a sandbox, this doesn't matter because the integration perhaps doesn't need to be very tight - Web applications often fit into this category - but when running a bunch of applications or services, particularly based on technologies you don't really use, dealing with language-specific systems defeats the purpose of having a distribution that provides a uniform interface for such things. Things like personal package archives (PPAs) attempt to combine the timely nature of upstream with the rigour of the distribution, and you don't need to have bought into Launchpad to deploy these yourself, but then you need to manage the chaos of having multiple software sources. (You also have to deal with such chaos with language-specific systems, but that's another long story.)
Which bug tracker? Posted Jun 30, 2013 4:45 UTC (Sun) by maxiaojun (subscriber, #91482) [Link]
Problem is that I really don't use one particular distribution only.
I'm running Ubuntu 13.04 personally but I plan to use Ubuntu 12.04 LTS for my next project, 9 months support period is just too short.
I also have normal user access to a (many-core) server running Fedora 14 (Yes, 14) .
And my most Unix-aware friend is using Mac OS X.
So I really want software installation being platform neutral.
Sometimes I feel RPM Fusion is probably slightly better than 'universe', as software in RPM Fusion get upgraded in all supported releases of Fedora. For Debian and Ubuntu, it seems that there are many specialized repositories out there but no one-stop solution like RPM Fusion.
Which bug tracker? Posted Jul 1, 2013 21:50 UTC (Mon) by pboddie (guest, #50784) [Link]
Different people have their needs met by different solutions.
For Python Web developers, for example, using the Python-specific packaging tools may be good enough, especially as there may well be Mac and Windows users in the picture.
For people just running software and not really developing it, the distribution's own mechanisms become the focus: those people don't want to have to learn pip, gem, cpan, whatever to manage and keep their software up to date.
What we're perhaps missing is the bridge between these different worlds using software that lets people use multiple distributions and stay within any language-specific comfort zone, all the time sticking with distribution-quality packaging.
Which bug tracker? Posted Jul 1, 2013 22:34 UTC (Mon) by raven667 (subscriber, #5198) [Link]
A bridge would be good, the main problem is when mixing and matching between the distribution package management and the language-environment specific tools because they have two different views of the software dependency tree and they don't talk to each other in any way. In most cases the metadata used to drive the language-specific tools is also the same metadata needed by the distribution package management, python setuptools has a bdist_rpm target that is fully functional, cpan2rpm also makes functional packages. Only if the tool have full visibility of the dependency graph can it have sensible output. Maybe a yum plugin that wraps pip and cpan would show how it could be done.
Which bug tracker? Posted Jul 3, 2013 16:07 UTC (Wed) by pabs (subscriber, #43278) [Link]
IIRC GoboLinux has such a bridge between the distro package manager and language-specific package managers.
|
|||||||||||||