Hey folks:
Am 09.05.21 um 09:33 schrieb Stanislav Malyshev:
> Hi!
>
[...]
>
> 1. Bug reporting templates> 2. Pre-filter on reported bugs> 3. Advanced search
> 4. Custom fields like PHP version or CVE ID
> 5. Private bugs that are accessible only to members of security team
> 6. Custom statuses (I guess can be worked around with labels, but would
> require a lot of work to make it convenient to use, default screen would
> be pretty much unusable due to clutter, as it only understands closed/open)
> 7. Ability for anybody to submit a bug without opening github account
> (yes, I know it also produces the spam problem) and assigning bugs to
> people that don't have github account (we still can accept patches from
> those, can't we?).
> 8. Statistics
>
>> It may be over optimistic, but we might get better engagement with
>> bugs on github than anywhere else also - Github is where people are
>> tending to do their business today.
>
> I think it's way to generic statement. Some people choose github for
> doing some stuff would be more accurate. I don't think I can remember
> from the top of my head any major project that uses Github as their main
> bug tracker. Maybe they exist, but I certainly can't recall any.
>
>> Github is maintained, hosted, developed, and free, and while it isn't
>> the perfect tool for the job, nothing else is either. We could spend
>> time (which we don't have) developing bugsnet, or installing some
>> other solution in a dark corner of the internet, and solve no problems
>> at all, and be burdened with the ongoing maintenance of that solution.
>
> Why we must install it in a dark corner? Maybe we should ask for some
> help from people who are willing to contribute before we decide to scrap
> the whole thing.
>
> Besides that, I am not sure I am feeling that comfortable with moving
> 100% of the infrastructure of the PHP project to a platform wholly owned
> by Microsoft, and that's where things seem to be heading. I know
> Microsoft is almost not evil now, and it has no problem with PHP
> whatsoever, but things change, and who knows what would happen in
> another 5-10 years. I am not sure hard-binding the whole project to a
> single platform owned by a single company is that great. Due to the
> distributed nature of Git, the repository hosting is very low risk - it
> could be easily moved anywhere. But having the rest of the
> infrastructure in a single point of failure does not feel great. Once we
> move in there, it would be very hard to move out.
This is for me the most interesting point. While it is rather easy to
move fastly away from Github with the source-code it will be much more
complicated to move to "somewhere else" with all of the issues.
Yes, we currently have the same problem with PRs but not "owning" our
bug-report system feels ... not right to me. Especially when there is no
way to actually turning it off due to the security bugs.
While on the other hand I think it absolutely great to have another
infrastructure part that we do not have to maintain!
My prefered way to go would be some other bug-reporting SaaS that can
integrate with github but can provide some more of what we currently
have and that also allows us to also use it for security related issues.
Just my 0.02€
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:andr...@heigl.org N 50°22'59.5" E 08°23'58" |
| https://andreas.heigl.org https://hei.gl/where |
| https://hei.gl/pubkeyandreas |
+---------------------------------------------------------------------+
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
