BMO/Meetings/WorkWeekBOF201104

From MozillaWiki
< BMO‎ | Meetings
Jump to: navigation, search

Work Week April 2011 - BMO BOF

Schedule

  • TBD

Agenda

Meet the Bugzilla Team

  • Dave Lawrence [:dkl]
  • Byron Jones [:glob]
  • Dave Miller [:jusdave]
  • Gervase Markham [:gerv]

Presentation Topics

  • Improved Bug Search UI
    • Thanks to the UI work of Guy Pyrzak, the Advanced Search UI has been completely redesigned. It is now much simpler, and far more approachable for new users, while still retaining all of the features that power users are used to.
  • Automatic duplicate detection
    • When filing a bug, as soon as you start typing in the summary field, Bugzilla will suggest possible duplicates of the bug you are filing.
  • Enhanced XMLRPC/JSONRPC API (i.e. Bug.update)
    • The WebService should now be able to do everything with bugs that you can do via the web interface, including updating bugs, adding attachments, and getting attachment data
  • JSONP and JSON-GET
    • Bugzilla now supports making WebService calls from another domain, inside of a web browser, thanks to support for JSONP.
  • Splinter Code Review
    • A revamped version of the Splinter Code Review system will be enabled with the rollout of 4.0. This version now uses YUI and is built as an extension to Bugzilla so no need for AJAX requests to get or update Bug data.
  • SecureMail
    • SecureMail is a Bugzilla extension which sends bug email related to bugs in certain groups marked as 'secure' with it's body text encrypted. Otherwise a simplified email is sent without any sensitive data included.
  • Component Watching
    • Bugzilla users will be able to 'watch' specific components in specific products so that they will receive any notifications from bugs against them.
  • SiteMapIndex
    • A new Bugzilla extension to allow search engines to efficienly index publicly facing bugs in BMO.
  • Components and versions can be disabled for bug entry
  • Move of core customizations into BMO extension (better maintenance going forward)
  • Minimum password length is now 8 characters
  • Too many other new features to discuss here.
    • Encourage everyone to read the official [Notes].

Open Discussion

  • Near Future Roadmap for BMO

Questions and Answer Session

  • Comments? Gripes?

Meeting Notes

  • Requested Features
    • Duplicate Search - "Search for similar bugs" Search option within the bug view that starts a search with the same product and component. Intent is to easily verify if bugs submitted by community are dups with existing bugs
    • Visual Differentiation between "Resolved" and "Verified" state - Both are currently indicated with strike through. Would like to have easy visual indicator to represent Resolved and different indicator for Verified.
    • Be able to edit a search inline (wihtout editing the URL) to drill down/up on sets of bugs
    • Display or be able to get to full URL of search
    • It would be really nice to thread conversation when 'reply' is clicked so that the conversation flow could be seen
    • also hide/display quoted text....its hard to know what you're quoting. the general rule seems to be don't quote any more than you absolutely need to (or expect to be yelled at) but if you err in the other direction, you get into silly discussions about "no, this was in reference to this....not that"
    • Round-trip from basic search to advanced search -- type in a basic search, then be able to go to the advanced search page with fields populated based on that quicksearch. And better, be able to go the other way too (meaning quicksearch needs full functionality)
    • Allow gmail to filter bugmail, esp watch bugmail. Allow setting email address? (user+token@blah.com)
  • Security Features
    • Two factor auth
    • password policy / rotation (per security groups)
    • stronger password policies for security groups, including blacklists
    • IP address notifications w/ Geo Info (footer?)
    • Brute force protection? [account lockout exists]
    • 1 guess against multiple accounts (e.g. "pass123") - IP based captchas
    • logging within the app for critical events (Syslog/CEF)
    • View attachment settings without opening attachment (discussed within 554121)
    • hide view iframe unless patch?
    • stale account management - clear passwords for unused accounts? (need to track user logins)
    • Bugzilla API - Protect user credentials (don't send within URL or in clear as cookie)
    • but if username/password is not simply usable with e.g. basicauth/URL, there should be libraries backends written for each language of interest such that tools can be *easily* written which require authentication
  • search performance
    • google sitemap indexing will help
    • looking at leveraging metric's work using nosql (elastic search, etc)
  • UX:
    • Hire a UX person
    • CC without page saving ("starring")
    • bugzilla-jetpack things:
    • inline history [working on this now]
    • URL after form submission (process_bug.cgi) [arguing about this now]
    • column based UI (moving less used information to the side - like Google Code)
    • including whiteboard entries, if applicable....i want/need to be able to see a column of whiteboard flags as....flags, and be able to sort by them!!!!
    • CC, r?, etc list being context sensitive
    • patches inline
    • update bugs dynamically (like gmail: "This page has been updated" in bottom right)
    • don't go offpage for anthing common (like attachments)
    • Don't lose an r? or CC that doesn't match a user
    • Fix when CC, r? list doesnt work
    • put field updates in the same place (after comment box entered; like Google Code)
    • submit over AJAX, never leave the page, never refresh
    • attachments not on top of comments
    • performance improvements - better caching and prefetching - everything should be _instant_
    • highlight changd fields (red glow; so you can see at a glance what has changed)
    • make platform optional
    • better search results grid
    • copy Google Code
    • allow starring without entering
    • convert as many fields as possible into tags
      • whiteboard
      • tags
      • keywords
      • platform
      • version
      • status (maybe)
      • importace
      • milestone
      • maybe (esp ones that cross components):
      • product
      • component

Action Items