BMO/Meetings/2013-11-05
kyle and glob talked about alizom.bugzilla.com sanitized version and a script to change some of the bugs to private, for testing.
Spam/trolling situation. First time it's happened in 3 years. It hasn't been a big problem. We could put together an extension to block domains for throwaway emails. Over the weekend a DBA manually deleted comments from the db. It was about 500-600 comments.
Now we log the ip address that creates the account in a place we can get to them. rather than having to go to IT and wait for weeks.
We talk about tools to block and delete. Currently there are many people with edituser permissions who can disable an account. We don't want to spend lots of resources making tools to handle a situation that only happens once in a while.
We could use comment tagging to allow people to flag comments as abuse. (Drupal does something similar)
Mark talks about ReviewBoard, bugzilla cookies, cross-site scripting vulnerabilities.
Security team is doing a program to denote people in a team as security champion. Go to a meeting to coordinate security news back to groups. dkl volunteers for this.
Problems bringing vagrant box up to date. Mark had some issues adding the tracking flag code. The migration didn't work, yum update doesn't work. dkl can make a new vagrant box with the updates. You have to manually run the migration script. mark says that the migration script didn't work either. glob says, update bugzilla's internal schema first, then do the migration script.
Pulse bug subscription worked well in testing (mark) and he is making a demo page. Once it was set up it was very easy. Proof of concept is just about done.
Does web ops maintain the pulse server? kendall says, maybe but when it has problems, SRE or dustin handle it.
jdm was looking for the commit messages through pulse (for the black hole project) but that doesn't happen any more. treeherder may in future also depend on pulse. buildbot isn't consistent in what it emits so we need some sort of pulse translator. The buildbot api and some sort of log scraping are what people are using now.
glob reports on today's BMO push. xss fix had to be landed. The fix for sql and request nagger landed. we sent out 795 emails about their outstanding requests.
bz-api stuff is in progress. tracking flag review in progress and nearly done.
Discussion of localizing web forms, re: bug 933832, and https://bugzilla.mozilla.org/form.mobile.compat
We could collect information in Input. Then someone collects it and makes bugs based on it. (User advocacy?)
akish had a project to do this but left mozilla. (to collect new bug reports and then have someone triage them before they go into bugzilla. )
Bugzilla is very account centric. Once you start to remove that, you really should build a new system.
To file a bug you have to make an account first. Sign up, follow up, responses, etc. are all in English. Localizing this form won't fix that problem.
The Tell Us More project pulled in new reports, if there was an account matching the email addy, it sent a verification email. If there wasn't an account, it makes an account and sends an email. the point was to fix the "flow" of the process. The UI was done by another team, (NigelB?) it was super close to going live, then the new manager of Input said they didn't want it. Then it sat around for 6 months in limbo.
kyle is working with an phd student making dashboards who is coming to toronto to present his results, next week. He will post info about the talk and try to get it recorded and streamed.