mantisbt-dev — MantisBT development discussions

Re: [mantisbt-dev] Should MantisBT 1.3 'provide' jQuery? (Resend)

[Damien R. <dr...@ma...>]

On 2015-08-02 10:32, Roland Becker wrote:
>> Robert Munteanu <rob...@gm...> hat am 30. Juli 2015 um 09:58
>> geschrieben:
>>
>> To make it easier to support both MantisBT 1.2 and 1.3 in plugins we
>> could 'provide' a dummy jQuery plugin with the MantisBT core.
>>
>> Thoughts?
>
> I prefer breaking things instead of some magic in the background that might
> finally end in strange issues.

I'm with Roland here.

I believe the system I've put in place quite effectively deals with the 
problem by disabling the plugin; this should force the plugin authors to 
have a look at their code, and implement any necessary changes to ensure 
proper operations with 1.3 and release a specific version.

I'm aware that this approach does put an additional burden on the plugin 
authors (to maintain a dedicated 1.3 branch), but in my opinion it is a 
better and safer alternative than the "dummy plugin" you suggest which 
would anyway only cover part of the 1.3 compatibility problem.

In addition to jQuery support, authors also need to consider the revised 
CSS, deprecated functions, new syntax for DB queries, etc.

Re: [mantisbt-dev] Should MantisBT 1.3 'provide' jQuery? (Resend)

[Roland B. <ro...@at...>]

Consider also
https://www.mantisbt.org/bugs/view.php?id=17360 and
https://github.com/mantisbt/mantisbt/pull/239
when thinking about it

I prefer breaking things instead of some magic in the background that might
finally end in strange issues.
Of course, I am biased as I am quite often dealing with strange issues in our
forum ;-)

Roland

> Robert Munteanu <rob...@gm...> hat am 30. Juli 2015 um 09:58
> geschrieben:
> 
> 
> Hi,
> 
> In MantisBT 1.2 jQuery was provided by a plugin. In MantisBT 1.3 it's
> included in the core. However, there are still plugins which require
> jQuery.
> 
> To make it easier to support both MantisBT 1.2 and 1.3 in plugins we
> could 'provide' a dummy jQuery plugin with the MantisBT core.
> 
> Thoughts?
> 
> Robert
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

[mantisbt-dev] Should MantisBT 1.3 'provide' jQuery? (Resend)

[Robert M. <rob...@gm...>]

Hi,

In MantisBT 1.2 jQuery was provided by a plugin. In MantisBT 1.3 it's
included in the core. However, there are still plugins which require
jQuery.

To make it easier to support both MantisBT 1.2 and 1.3 in plugins we
could 'provide' a dummy jQuery plugin with the MantisBT core.

Thoughts?

Robert

Re: [mantisbt-dev] Hosting new plugin into mantis GIT repo

[Damien R. <dr...@ma...>]

Chandan Pandey <chandanpandey1001@...> writes:
> I would like to host a new plugin authored by me on Mantis Git repo for 
> public access. Plugin is not on GitHub as of now. Let me know what can I 
> do for it.

Please see

https://www.mantisbt.org/wiki/doku.php/mantisbt:mantis_plugins

section "Hosting a new plugin"

[mantisbt-dev] Hosting new plugin into mantis GIT repo

[Chandan P. <cha...@gm...>]

Hi,

I would like to host a new plugin authored by me on Mantis Git repo for
public access. Plugin is not on GitHub as of now. Let me know what can I do
for it.


Regards

Chandan Pandey




__________________________________

Re: [mantisbt-dev] Announcement LikeTrello plugin

[S. P. <spi...@gm...>]

Hi,

you are right in all aspects. It's just that I don't have a clue about
mantis-bt APIs. Could you just mention a corresponding API method or class
for each of your findings, please? I would be able to figure out how to
continue from that.

Thanks.

Slawa Pidgorny.
____________________________________________
Time tracking and invoicing:
http://rechnung-plus.de/

Need a new web-site?
http://sigayeva.com/

Making appointments online:
http://appointment.at/

On 11 May 2015 at 11:56, Alain D'EURVEILHER <ala...@gm...>
wrote:

> Hi,
> I just had a look at your plugin on your repo (I am no admin, just a
> MantisBT user), and I noticed several things which could be considered as
> flaws against the mantis policies:
> - The plugin does seem to take into account the visibility of he issue by
> the connected user. You just make a select on all the bugs and display
> them. Some issues can be set as hidden for some users or category of users
> (public/private for instance...)
> - Not all the users can modify the status of an issue, which your plugin
> does not seem to take into account (meaning a viewer could possibly update
> the status of an issue via the plugin)
> - It also seems that you are bypassing the workflow defined by the mantis
> manager/admin. One could define for its installation that a resolved ticket
> cannot be opened again for example.
> - Your plugin does not seem to work without an internet connection as you
> link directly to JQuery online
> (echo '<script src="
> https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
> "></script>';)
>
> I am assuming all that just by reading your files, I could be wrong on
> some point. But I would like to alert you on some notes in case it is
> rejected by the mantisBT core team.
>
> Regards,
> AlainD.
>
> On Mon, May 11, 2015 at 11:32 AM, S. P. <spi...@gm...> wrote:
>
>> Hi,
>>
>> this is to announce a new plugin LikeTrello which allows to drag-n-drop
>> issue cards between status columns in order to change their status.
>> Inspired by https://trello.com/.
>>
>> See https://github.com/spidgorny/LikeTrello for animated GIF.
>>
>> Please add it to the list of plugins on wiki and
>> https://github.com/mantisbt-plugins.
>>
>> https://www.mantisbt.org/bugs/view.php?id=19675
>>
>> The *list of people* who should have *push access*: spidgorny
>>
>> Slawa Pidgorny.
>> ____________________________________________
>> Time tracking and invoicing:
>> http://rechnung-plus.de/
>>
>> Need a new web-site?
>> http://sigayeva.com/
>>
>> Making appointments online:
>> http://appointment.at/
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> mantisbt-dev mailing list
>> man...@li...
>> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
>>
>>
>
>
> --
>
> AlainD.
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
>
>

Re: [mantisbt-dev] Announcement LikeTrello plugin

[Alain D'E. <ala...@gm...>]

Hi,
I just had a look at your plugin on your repo (I am no admin, just a
MantisBT user), and I noticed several things which could be considered as
flaws against the mantis policies:
- The plugin does seem to take into account the visibility of he issue by
the connected user. You just make a select on all the bugs and display
them. Some issues can be set as hidden for some users or category of users
(public/private for instance...)
- Not all the users can modify the status of an issue, which your plugin
does not seem to take into account (meaning a viewer could possibly update
the status of an issue via the plugin)
- It also seems that you are bypassing the workflow defined by the mantis
manager/admin. One could define for its installation that a resolved ticket
cannot be opened again for example.
- Your plugin does not seem to work without an internet connection as you
link directly to JQuery online
(echo '<script src="
https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
"></script>';)

I am assuming all that just by reading your files, I could be wrong on some
point. But I would like to alert you on some notes in case it is rejected
by the mantisBT core team.

Regards,
AlainD.

On Mon, May 11, 2015 at 11:32 AM, S. P. <spi...@gm...> wrote:

> Hi,
>
> this is to announce a new plugin LikeTrello which allows to drag-n-drop
> issue cards between status columns in order to change their status.
> Inspired by https://trello.com/.
>
> See https://github.com/spidgorny/LikeTrello for animated GIF.
>
> Please add it to the list of plugins on wiki and
> https://github.com/mantisbt-plugins.
>
> https://www.mantisbt.org/bugs/view.php?id=19675
>
> The *list of people* who should have *push access*: spidgorny
>
> Slawa Pidgorny.
> ____________________________________________
> Time tracking and invoicing:
> http://rechnung-plus.de/
>
> Need a new web-site?
> http://sigayeva.com/
>
> Making appointments online:
> http://appointment.at/
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
>
>


-- 

AlainD.

[mantisbt-dev] Announcement LikeTrello plugin

[S. P. <spi...@gm...>]

Hi,

this is to announce a new plugin LikeTrello which allows to drag-n-drop
issue cards between status columns in order to change their status.
Inspired by https://trello.com/.

See https://github.com/spidgorny/LikeTrello for animated GIF.

Please add it to the list of plugins on wiki and
https://github.com/mantisbt-plugins.

https://www.mantisbt.org/bugs/view.php?id=19675

The *list of people* who should have *push access*: spidgorny

Slawa Pidgorny.
____________________________________________
Time tracking and invoicing:
http://rechnung-plus.de/

Need a new web-site?
http://sigayeva.com/

Making appointments online:
http://appointment.at/

Re: [mantisbt-dev] Fwd: Re: [MantisBT-Colorized] Mantis 1.3.0 compatibility (#4)

[Damien R. <dr...@ma...>]

Roland Becker <roland@...> writes:

> 
> I think we should disable the MantisBT GitHub Wiki 

It's done.

The content is still available if necessary [1], I also saved a copy on our
server (in /srv/backup) just in case.

D


[1] git clone https://github.com/mantisbt/mantisbt.wiki.git

[mantisbt-dev] Fwd: Re: [MantisBT-Colorized] Mantis 1.3.0 compatibility (#4)

[Roland B. <ro...@at...>]

I think we should disable the MantisBT GitHub Wiki because
- there is outdated and confusing information in it, see example below
- we have our own Wiki on mantisbt.org 

Roland

> ---------- Ursprüngliche Nachricht ----------
> Von: Frank Bültge <not...@gi...>
> An: bueltge/MantisBT-Colorized <Man...@no...>
> Datum: 16. April 2015 um 20:31
> Betreff: Re: [MantisBT-Colorized] Mantis 1.3.0 compatibility (#4)
> 
> I found different hints for the 1.3
> 
> * https://github.com/mantisbt/mantisbt/wiki/Developer-changes-in-1.3.x
> 
> 
> ---
> Reply to this email directly or view it on GitHub:
> https://github.com/bueltge/MantisBT-Colorized/issues/4#issuecomment-93809348

Re: [mantisbt-dev] EVENT_UPDATE_BUG not called on group action in view_all_bug_page.php

[Damien R. <dr...@ma...>]

Louis BAYLE <lbayle.work@...> writes:
> I developped a plugin to do some actions when the bug status is
> changed. I'm using EVENT_UPDATE_BUG. The job is done correctly when
> status is changed from the view.php page, but nothing happens when I
> change the status of a task (or a group of tasks) from the
> view_all_bug_page.php.
> 
> Could it be possible that the event is not called on group actions ?
> Should I open a new bug or is it a normal behaviour ?

Please have a look at https://www.mantisbt.org/bugs/view.php?id=14897. I
believe you are facing the same issue.

D

[mantisbt-dev] EVENT_UPDATE_BUG not called on group action in view_all_bug_page.php

[Louis B. <lba...@gm...>]

Hi,

I developped a plugin to do some actions when the bug status is
changed. I'm using EVENT_UPDATE_BUG. The job is done correctly when
status is changed from the view.php page, but nothing happens when I
change the status of a task (or a group of tasks) from the
view_all_bug_page.php.

Could it be possible that the event is not called on group actions ?
Should I open a new bug or is it a normal behaviour ?

I'm using Mantis 1.2.19

Best regards,

Louis BAYLE
http://codevtt.org

Re: [mantisbt-dev] Integrate ABRT with MantisBT

[Matej H. <mha...@re...>]

>> we are working on integration of the ABRT reporter
>
> Pardon my ignorance, but I have absolutely no idea what "ABRT" is.

I am sorry I forgot to attach a link to the ABRT documentation. 
ABRT is a set of tools to help users detect and report application crashes.
For more information about the ABRT see http://abrt.readthedocs.org/en/latest/.

>> We want to ask when are you planning to release a new version of
>> the MantisBT (with the searching methods)?
>
> No commitment on date, sorry...

I responded to this comment https://github.com/mantisbt/mantisbt/pull/560#issuecomment-71344146.

>> would it possible to at least release a new beta version of the MantisBT
>> which contains the searching methods by the end of the week?
>
> I think we should release 1.3.0-beta.2 soon, but this deadline is 
> completely unrealistic as far as I'm concerned. I've got other 
> priorities for this week.

ok, I'll backport the patches from this pull request https://github.com/mantisbt/mantisbt/pull/560 to the MantisBT 1.2.x version which uses CentOS.

Matej

Re: [mantisbt-dev] Integrate ABRT with MantisBT

[Damien R. <dr...@ma...>]

On 2015-02-09 15:51, Matej Habrnal wrote:
> we are working on integration of the ABRT reporter

Pardon my ignorance, but I have absolutely no idea what "ABRT" is.

> We want to ask when are you planning to release a new version of
 > the MantisBT (with the searching methods)?

No commitment on date, sorry...

> In case you plan to release an official version in a longer period of time
 > (more than a month),

It is indeed likely to be more than a month IMO.

> would it possible to at least release a new beta version of the MantisBT
 > which contains the searching methods by the end of the week?

I think we should release 1.3.0-beta.2 soon, but this deadline is 
completely unrealistic as far as I'm concerned. I've got other 
priorities for this week.

[mantisbt-dev] Integrate ABRT with MantisBT

[Matej H. <mha...@re...>]

Hi,

we are working on integration of the ABRT reporter with the MantisBT (actually CentOS Bug Tracker at the moment). 
We want to create a testing instance of the CentOS Bug Tracker and after that we want to start 
testing the ABRT MantisBT reporter on it. To test the full functionality of the reporter 
we need a latest version of MantisBT with new SOAP API searching methods (https://github.com/mantisbt/mantisbt/pull/560).

We want to ask when are you planning to release a new version of the MantisBT (with the searching methods)?

In case you plan to release an official version in a longer period of time (more than a month), 
would it possible to at least release a new beta version of the MantisBT which contains the searching methods by the end of the week?

We realize this schedule is kind of tight, but we need to align it with the upcoming release of CentOS 7.1.

Best regards
Matej Habrnal
ABRT team

Re: [mantisbt-dev] "community" user in bug tracker

[Roland B. <ro...@at...>]

> Damien Regad <dr...@ma...> hat am 4. Februar 2015 um 01:12
> geschrieben:
> 
> 
> On 2015-02-03 06:13, Victor Boctor wrote:
> > I just merged the SOAP API pull request which ended up marking the issue as
> > resolved by me.  I thought it may be a good idea to mark issues that are
> > fixed
> > by the community differently from ones that are fixed by the core dev team.
> > Hence, I created a “community” user with access level DEVELOPER and assigned
> > the issue to that user.
> >
> > Thoughts?
> 
> It doesn't really hurt I suppose, but I'm not really sure what you are 
> hoping to achieve by this.
> 
> 

Consider that we sent emails to the community user and that we can't disable all
of them by configuration [1].
You configured community@localhost for the user.
I am not sure if there will be a problem sending email to this user.
If so, we will generate entries in mantis_email_table that will never be cleared
(and the cron job will try to sent them again and again)
  
[1] https://mantisbt.org/bugs/view.php?id=12030 and related issues

Re: [mantisbt-dev] "community" user in bug tracker

[Damien R. <dr...@ma...>]

On 2015-02-03 06:13, Victor Boctor wrote:
> I just merged the SOAP API pull request which ended up marking the issue as
> resolved by me.  I thought it may be a good idea to mark issues that are fixed
> by the community differently from ones that are fixed by the core dev team.
> Hence, I created a “community” user with access level DEVELOPER and assigned
> the issue to that user.
>
> Thoughts?

It doesn't really hurt I suppose, but I'm not really sure what you are 
hoping to achieve by this.

[mantisbt-dev] "community" user in bug tracker

[Victor B. <vb...@gm...>]

Hi all,

I just merged the SOAP API pull request which ended up marking the issue as resolved by me.  I thought it may be a good idea to mark issues that are fixed by the community differently from ones that are fixed by the core dev team.  Hence, I created a “community” user with access level DEVELOPER and assigned the issue to that user.

Thoughts?

-Victor

Re: [mantisbt-dev] Tracking of security issues having CVEs

[Victor B. <vb...@gm...>]

Sounds good to me.  We should just make sure that the title for both bugs is readable not just a reference to the CVE #.

> On Jan 23, 2015, at 12:35 PM, Roland Becker <ro...@at...> wrote:
> 
> Seems this approach has been used in the past
> 
> https://www.mantisbt.org/bugs/view.php?id=6724
> https://www.mantisbt.org/bugs/view.php?id=7743
> 
> https://www.mantisbt.org/bugs/view.php?id=8153
> https://www.mantisbt.org/bugs/view.php?id=8154
> 
>> Damien Regad <dr...@ma...> hat am 23. Januar 2015 um 17:13
>> geschrieben:
>> 
>> 
>> Hello again,
>> 
>> I'd like your input in terms of handling / tracking of important, publicly
>> announced security issues (i.e having a CVE) that affect multiple versions.
>> 
>> In the past, we only had a single issue in our tracker, with target/fixed in
>> version set to the oldest version (i.e. 1.2.x), and it was implied that the
>> fix was also implemented in later releases. 
>> 
>> This was not a problem before an "official" release for 1.3 was published,
>> but now that we have the beta out, I'm wondering if we should not create
>> "dummy" issues as clones/duplicates of the "main" ones for 1.2, but with
>> target/fixed version set to 1.3.x. This way the CVE IDs would appear on the
>> change log / roadmap.
>> 
>> Thoughts ?
>> 
>> 
>> 
>> 
>> ------------------------------------------------------------------------------
>> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
>> GigeNET is offering a free month of service with a new server in Ashburn.
>> Choose from 2 high performing configs, both with 100TB of bandwidth.
>> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
>> http://p.sf.net/sfu/gigenet
>> _______________________________________________
>> mantisbt-dev mailing list
>> man...@li...
>> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
> 
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

Re: [mantisbt-dev] Release 1.2.19 / 1.3.0-beta.2

[Victor B. <vb...@gm...>]

I don’t see anything to block.  Let’s do it.

For 1.3.x, let’s publish the blog this time so we got more usage.

I should be able to help Sunday, but if not early next week for sure.

> On Jan 23, 2015, at 12:29 PM, Roland Becker <ro...@at...> wrote:
> 
> I don't see anything that would block.
> 
>> Damien Regad <dr...@ma...> hat am 23. Januar 2015 um 17:08
>> geschrieben:
>> 
>> 
>> Hi team,
>> 
>> After fixing several security issues in 1.2.18, I got confirmation from
>> their respective reporters that the problems are indeed resolved, and the
>> CVEs have been assigned as needed.
>> 
>> Therefore, unless anyone objects/has pending work that must go in, I propose
>> to cut 1.2.19 over the week-end (I just need to work on the release notes).
>> 
>> Victor, do you think you'd be able to publish the release, maybe Sunday or
>> early next week ?
>> 
>> Also, since several of the above-mentioned security issues affect 1.3 as
>> well, I would recommend that we also release 1.3.0-beta.2, either
>> simultaneously or very soon afterwards.
>> 
>> Let me know if you see anything that would block or delay either or both
>> releases.
>> 
>> D
>> 
>> 
>> 
>> ------------------------------------------------------------------------------
>> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
>> GigeNET is offering a free month of service with a new server in Ashburn.
>> Choose from 2 high performing configs, both with 100TB of bandwidth.
>> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
>> http://p.sf.net/sfu/gigenet
>> _______________________________________________
>> mantisbt-dev mailing list
>> man...@li...
>> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
> 
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

Re: [mantisbt-dev] Tracking of security issues having CVEs

[Roland B. <ro...@at...>]

Seems this approach has been used in the past

https://www.mantisbt.org/bugs/view.php?id=6724
https://www.mantisbt.org/bugs/view.php?id=7743

https://www.mantisbt.org/bugs/view.php?id=8153
https://www.mantisbt.org/bugs/view.php?id=8154

> Damien Regad <dr...@ma...> hat am 23. Januar 2015 um 17:13
> geschrieben:
> 
> 
> Hello again,
> 
> I'd like your input in terms of handling / tracking of important, publicly
> announced security issues (i.e having a CVE) that affect multiple versions.
> 
> In the past, we only had a single issue in our tracker, with target/fixed in
> version set to the oldest version (i.e. 1.2.x), and it was implied that the
> fix was also implemented in later releases. 
> 
> This was not a problem before an "official" release for 1.3 was published,
> but now that we have the beta out, I'm wondering if we should not create
> "dummy" issues as clones/duplicates of the "main" ones for 1.2, but with
> target/fixed version set to 1.3.x. This way the CVE IDs would appear on the
> change log / roadmap.
> 
> Thoughts ?
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

Re: [mantisbt-dev] Release 1.2.19 / 1.3.0-beta.2

[Roland B. <ro...@at...>]

I don't see anything that would block.

> Damien Regad <dr...@ma...> hat am 23. Januar 2015 um 17:08
> geschrieben:
> 
> 
> Hi team,
> 
> After fixing several security issues in 1.2.18, I got confirmation from
> their respective reporters that the problems are indeed resolved, and the
> CVEs have been assigned as needed.
> 
> Therefore, unless anyone objects/has pending work that must go in, I propose
> to cut 1.2.19 over the week-end (I just need to work on the release notes).
> 
> Victor, do you think you'd be able to publish the release, maybe Sunday or
> early next week ?
> 
> Also, since several of the above-mentioned security issues affect 1.3 as
> well, I would recommend that we also release 1.3.0-beta.2, either
> simultaneously or very soon afterwards.
> 
> Let me know if you see anything that would block or delay either or both
> releases.
> 
> D
> 
> 
> 
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

[mantisbt-dev] Tracking of security issues having CVEs

[Damien R. <dr...@ma...>]

Hello again,

I'd like your input in terms of handling / tracking of important, publicly
announced security issues (i.e having a CVE) that affect multiple versions.

In the past, we only had a single issue in our tracker, with target/fixed in
version set to the oldest version (i.e. 1.2.x), and it was implied that the
fix was also implemented in later releases. 

This was not a problem before an "official" release for 1.3 was published,
but now that we have the beta out, I'm wondering if we should not create
"dummy" issues as clones/duplicates of the "main" ones for 1.2, but with
target/fixed version set to 1.3.x. This way the CVE IDs would appear on the
change log / roadmap.

Thoughts ?

[mantisbt-dev] Release 1.2.19 / 1.3.0-beta.2

[Damien R. <dr...@ma...>]

Hi team,

After fixing several security issues in 1.2.18, I got confirmation from
their respective reporters that the problems are indeed resolved, and the
CVEs have been assigned as needed.

Therefore, unless anyone objects/has pending work that must go in, I propose
to cut 1.2.19 over the week-end (I just need to work on the release notes).

Victor, do you think you'd be able to publish the release, maybe Sunday or
early next week ?

Also, since several of the above-mentioned security issues affect 1.3 as
well, I would recommend that we also release 1.3.0-beta.2, either
simultaneously or very soon afterwards.

Let me know if you see anything that would block or delay either or both
releases.

D

Re: [mantisbt-dev] Frameworks

[Thomas K. <th...@ko...>]

On Friday, January 23, 2015 03:12:45 AM Elier Delgado wrote:
> Hello Thomas, thanks for sharing.
> 
> I have made public what I did so anyone can contribute.
> What you did can be very useful.
> 
> https://github.com/elier/mantis5
> 
> Thanks, Elier


http://www.ben-morris.com/why-refactoring-code-is-almost-always-better-than-rewriting-it

http://www.joelonsoftware.com/articles/fog0000000069.html

Hi Elier,

it's nice that you're interested in a symfony-based Mantis. So am I.

However I'm afraid that developing a second Mantis in parallel will certainly 
not be succesful. (And I wouldn't do it in PHP, in that case...)

But there would be a lot of potential in a gradual refactoring of
Mantis towards a Symfony based architecture. This requires
an agreement of all core devs.

Developing in parallel means:

- Confusion of users
- additional effort to maintain two code bases
- less users for the new system -> less bug reports / feedback
- no continuous refactoring and compatibility testing of the many
  and useful mantis plugins and 3rd-party integrations
  (The biggest plus of Mantis nowadays is its maturity, plugins and
  integrations. - Not its clean code base...)

Regards,

Thomas Koch