Hi all,
If you haven't seen the banner at the top of bugzilla.redhat.com, it is scheduled to undergo an upgrade from Bugzilla 4 to Bugzilla 5 on December 2 2018. The outage will begin on 2 December at 0:00 UTC and end on 2 December at 12:00 UTC.
For more information on Bugzilla 5, see: https://partner-bugzilla.redhat.com/page.cgi?id=whats-new.html https://partner-bugzilla.redhat.com/page.cgi?id=release-notes.html
Bugzilla 5.0 introduces a new REST endpoint to replace XML-RPC and JSON-RPC. The XML-RPC and JSON-RPC APIs will remain available.
On Mon, Nov 26, 2018 at 10:59 AM Ben Cotton bcotton@redhat.com wrote:
Hi all,
If you haven't seen the banner at the top of bugzilla.redhat.com, it is scheduled to undergo an upgrade from Bugzilla 4 to Bugzilla 5 on December 2 2018. The outage will begin on 2 December at 0:00 UTC and end on 2 December at 12:00 UTC.
For more information on Bugzilla 5, see: https://partner-bugzilla.redhat.com/page.cgi?id=whats-new.html https://partner-bugzilla.redhat.com/page.cgi?id=release-notes.html
Bugzilla 5.0 introduces a new REST endpoint to replace XML-RPC and JSON-RPC. The XML-RPC and JSON-RPC APIs will remain available.
Out of curiosity, does anyone know where the source code for Red Hat Bugzilla actually is? I tried to find it a while ago, and even tried to send an email asking about it (with no response...). This variant of Bugzilla has features that aren't present in vanilla Bugzilla 5.x, nor are they present in the Mozilla fork (bmo)...
* Neal Gompa [26/11/2018 11:01] :
Out of curiosity, does anyone know where the source code for Red Hat Bugzilla actually is? I tried to find it a while ago, and even tried to send an email asking about it (with no response...). This variant of Bugzilla has features that aren't present in vanilla Bugzilla 5.x, nor are they present in the Mozilla fork (bmo)...
The source code isn't avaliable (although I've been told at least one Bugzilla developer has access to it).
https://bugzilla.redhat.com/show_bug.cgi?id=478886
Emmanuel
On 27/11/18 02:06, Emmanuel Seyman wrote:
- Neal Gompa [26/11/2018 11:01] :
Out of curiosity, does anyone know where the source code for Red Hat Bugzilla actually is? I tried to find it a while ago, and even tried to send an email asking about it (with no response...). This variant of Bugzilla has features that aren't present in vanilla Bugzilla 5.x, nor are they present in the Mozilla fork (bmo)...
The source code isn't avaliable (although I've been told at least one Bugzilla developer has access to it).
This is correct. We are in a very drawn out, and painful, process to get this opened up.
Dylan from BMO is helping us out by doing an audit for us, but he is doing it as a favor, in his own time, so it's taking about as long as you'd expect to audit a 20 year old code base in your spare time.
Once Dylan is done, and we are putting no pressure on him to meet or specify a time line, I'll do another round of infosec/product security team hand shaking and then we should be able to open it.
Cheers, Jeff.
On Mon, Nov 26, 2018 at 5:08 PM Jeff Fearn jfearn@redhat.com wrote:
On 27/11/18 02:06, Emmanuel Seyman wrote:
- Neal Gompa [26/11/2018 11:01] :
Out of curiosity, does anyone know where the source code for Red Hat Bugzilla actually is? I tried to find it a while ago, and even tried to send an email asking about it (with no response...). This variant of Bugzilla has features that aren't present in vanilla Bugzilla 5.x, nor are they present in the Mozilla fork (bmo)...
The source code isn't avaliable (although I've been told at least one Bugzilla developer has access to it).
This is correct. We are in a very drawn out, and painful, process to get this opened up.
Dylan from BMO is helping us out by doing an audit for us, but he is doing it as a favor, in his own time, so it's taking about as long as you'd expect to audit a 20 year old code base in your spare time.
Once Dylan is done, and we are putting no pressure on him to meet or specify a time line, I'll do another round of infosec/product security team hand shaking and then we should be able to open it.
My recent interest in RHBZ code stems from two things: * it has working SAML auth * it supports external bug tracking (though I'm not sure if the functionality has completely worked recently, and lacks pagure.io itself...)
In Mageia, we're looking at revamping our identity management, and we'd like to use SSO via SAML with our BZ5 system, but sadly this code is not available for vanilla bz5 systems, and BMO uses CAS instead of SAML or OIDC. :(
And of course, external bug tracking is useful for obvious reasons. :)
-- 真実はいつも一つ!/ Always, there's only one truth!
On 27/11/18 12:13, Neal Gompa wrote:
On Mon, Nov 26, 2018 at 5:08 PM Jeff Fearn jfearn@redhat.com wrote:
On 27/11/18 02:06, Emmanuel Seyman wrote:
- Neal Gompa [26/11/2018 11:01] :
Out of curiosity, does anyone know where the source code for Red Hat Bugzilla actually is? I tried to find it a while ago, and even tried to send an email asking about it (with no response...). This variant of Bugzilla has features that aren't present in vanilla Bugzilla 5.x, nor are they present in the Mozilla fork (bmo)...
The source code isn't avaliable (although I've been told at least one Bugzilla developer has access to it).
This is correct. We are in a very drawn out, and painful, process to get this opened up.
Dylan from BMO is helping us out by doing an audit for us, but he is doing it as a favor, in his own time, so it's taking about as long as you'd expect to audit a 20 year old code base in your spare time.
Once Dylan is done, and we are putting no pressure on him to meet or specify a time line, I'll do another round of infosec/product security team hand shaking and then we should be able to open it.
My recent interest in RHBZ code stems from two things:
- it has working SAML auth
- it supports external bug tracking (though I'm not sure if the
functionality has completely worked recently, and lacks pagure.io itself...)
In Mageia, we're looking at revamping our identity management, and we'd like to use SSO via SAML with our BZ5 system, but sadly this code is not available for vanilla bz5 systems, and BMO uses CAS instead of SAML or OIDC. :(
And of course, external bug tracking is useful for obvious reasons. :)
As someone who has to use radius 2FA to access Bugzilla, I cannot tell you just how much SSO rocks ^_^
I may have BCC'd Dylan on this reply ;)
Cheers, Jeff.
Dne 26. 11. 18 v 16:57 Ben Cotton napsal(a):
Bugzilla 5.0 introduces a new REST endpoint to replace XML-RPC and JSON-RPC. The XML-RPC and JSON-RPC APIs will remain available.
Before someone jumps into porting their code to the new REST API (my team tried that) - it is undocumented, the few documented examples does not work -> the new API is real mess now.
As the old API will obviously stay for longer period, you can keep calp and keep your XML-RPC and JSON-RPC scripts.
Miroslav
On 27/11/18 19:45, Miroslav Suchý wrote:
Dne 26. 11. 18 v 16:57 Ben Cotton napsal(a):
Bugzilla 5.0 introduces a new REST endpoint to replace XML-RPC and JSON-RPC. The XML-RPC and JSON-RPC APIs will remain available.
Before someone jumps into porting their code to the new REST API (my team tried that) - it is undocumented, the few documented examples does not work -> the new API is real mess now.
+1 I think upstream jumped the gun on pushing REST so hard, it's not ready for production use IMO.
As the old API will obviously stay for longer period, you can keep calp and keep your XML-RPC and JSON-RPC scripts.
I have a hand shake agreement with upstream that JSON-RPC will hang around until we are happy that REST can fully replace it.
Cheers, Jeff.
The upgrade of bugzilla.redhat.com has been delayed a week. It will now be done on 9 December 2018 from 0:00 to 12:00 UTC.
On Mon, Nov 26, 2018 at 10:57 AM Ben Cotton bcotton@redhat.com wrote:
If you haven't seen the banner at the top of bugzilla.redhat.com, it is scheduled to undergo an upgrade from Bugzilla 4 to Bugzilla 5 on December 2 2018. The outage will begin on 2 December at 0:00 UTC and end on 2 December at 12:00 UTC.
For more information on Bugzilla 5, see: https://partner-bugzilla.redhat.com/page.cgi?id=whats-new.html https://partner-bugzilla.redhat.com/page.cgi?id=release-notes.html
Bugzilla 5.0 introduces a new REST endpoint to replace XML-RPC and JSON-RPC. The XML-RPC and JSON-RPC APIs will remain available.
On Fri, Nov 30, 2018 at 10:14 AM Ben Cotton bcotton@redhat.com wrote:
The upgrade of bugzilla.redhat.com has been delayed a week. It will now be done on 9 December 2018 from 0:00 to 12:00 UTC.
Aww, anyone know why?
On 1/12/18 01:45, Neal Gompa wrote:
On Fri, Nov 30, 2018 at 10:14 AM Ben Cotton bcotton@redhat.com wrote:
The upgrade of bugzilla.redhat.com has been delayed a week. It will now be done on 9 December 2018 from 0:00 to 12:00 UTC.
Aww, anyone know why?
The release pipe line was unexpectedly frozen, which blocked this and several other system upgrades.
Cheers, Jeff.
-
Ben Cotton -
Emmanuel Seyman -
Jeff Fearn -
Miroslav Suchý -
Neal Gompa