Appendix A. The Bugzilla FAQ

You can stay up-to-date with the latest Bugzilla information at https://www.bugzilla.org/

Bugzilla is covered by the Mozilla Public License. See details at https://www.mozilla.org/MPL/

https://www.bugzilla.org/support/consulting.html is a list of people and companies who have asked us to list them as consultants for Bugzilla.

www.collab.net offers Bugzilla as part of their standard offering to large projects. They do have some minimum fees that are pretty hefty, and generally aren't interested in small projects.

There are several experienced Bugzilla hackers on the mailing list/newsgroup who are willing to make themselves available for generous compensation. Try sending a message to the mailing list asking for a volunteer.

There are dozens of major companies with public Bugzilla sites to track bugs in their products. A few include:

Suffice to say, there are more than enough huge projects using Bugzilla that we can safely say it's extremely popular.

A core team, led by Dave Miller ([email protected]).

We can't find any head-to-head comparisons of Bugzilla against other defect-tracking software. If you know of one, please get in touch. However, from the author's personal experience with other bug-trackers, Bugzilla offers superior performance on commodity hardware, better price (free!), more developer- friendly features (such as stored queries, email integration, and platform independence), improved scalability, open source code, greater flexibility, and superior ease-of-use.

If you happen to be a commercial bug-tracker vendor, please step forward with a list of advantages your product has over Bugzilla. We'd be happy to include it in the "Competitors" section.

It may be that the support has not been built yet, or that you have not yet found it. Bugzilla is making tremendous strides in usability, customizability, scalability, and user interface. It is widely considered the most complete and popular open-source bug-tracking software in existence.

That doesn't mean it can't use improvement! You can help the project along by either hacking a patch yourself that supports the functionality you require, or else submitting a "Request for Enhancement" (RFE) using the bug submission interface at bugzilla.mozilla.org.

MySQL was originally chosen because it is free, easy to install, and was available for the hardware Netscape intended to run it on.

There is currently work in progress to make Bugzilla work on PostgreSQL and Sybase in the default distribution. You can track the progress of these initiatives in bugs 98304 and 173130 respectively.

Once both of these are done, adding support for additional database servers should be trivial.

Mozilla.org used /usr/bonsaitools/bin/perl, because originally Terry wanted a place to put a version of Perl and other tools that was strictly under his control.

This convention was abonded during the 2.17 development cycle so it will no longer be an issue when 2.18 comes out.

At present, no.

It is web and e-mail based. You can edit bugs by sending specially formatted email to a properly configured Bugzilla, or control via the web.

Yes! You can find more information elsewhere in "The Bugzilla Guide" in the "Integration with Third-Party Products" section.

Absolutely! You can track any number of Products that can each be composed of any number of Components.

There are only 55 groups available in version 2.16 of Bugzilla. If you are using product groups, this will also limit the number of products you can have. This limit does not exist in the current 2.17 development releases and will not exist in 2.18.

Yes.

Yes - any sort of attachment is allowed, although administrators can configure a maximum size. Bugzilla gives the user the option of either using the MIME-type supplied by the browser, choosing from a pre-defined list or manually typing any arbitrary MIME-type.

Yes. However, modifying some fields, notably those related to bug progression states, also require adjusting the program logic to compensate for the change.

There is no GUI for adding fields to Bugzilla at this time. You can follow development of this feature at https://bugzilla.mozilla.org/show_bug.cgi?id=91037.

Yes. Look at https://bugzilla.mozilla.org/reports.cgi for samples of what Bugzilla can do in reporting and graphing.

If you can not get the reports you want from the included reporting scripts, it is possible to hook up a professional reporting package such as Crystal Reports using ODBC. If you choose to do this, beware that giving direct access to the database does contain some security implications. Even if you give read-only access to the bugs database it will bypass the secure bugs features of Bugzilla.

Bugzilla's current development versions can do a lot more in the way of reporting. To see examples, check out https://bugzilla.mozilla.org/report.cgi.

Email notification is user-configurable. By default, the bug id and Summary of the bug report accompany each email notification, along with a list of the changes made.

Yes.

Bugzilla email is sent in plain text, the most compatible mail format on the planet.

If you decide to use the bugzilla_email integration features to allow Bugzilla to record responses to mail with the associated bug, you may need to caution your users to set their mailer to "respond to messages in the format in which they were sent". For security reasons Bugzilla ignores HTML tags in comments, and if a user sends HTML-based email into Bugzilla the resulting comment looks downright awful.

Bugzilla can only output buglists as HTML in version 2.16. There are other formats available (CSV and RDF) in the newer development versions.

Bugzilla can export bugs using xml.cgi with either a bug number or list of bug numbers.

Currently the only script included with Bugzilla that can import data is importxml.pl which is intended to be used for importing the data generated by xml.cgi in association with bug moving. Any other use is left as an exercise for the user.

There are also scripts included in the contrib/ directory for using e-mail to import information into Bugzilla, but these scripts are not currently supported and included for educational purposes.

Yes. For more information including available translated templates, see https://www.bugzilla.org/download.html#localizations. The admin interfaces are still not included in these translated templates and is therefore still English only. Also, there may be issues with the charset not being declared. See bug 126226 for more information.

Yes. No. Not in 2.16.

You have no idea. Bugzilla's query interface, particularly with the advanced Boolean operators, is incredibly versatile.

Bugzilla does not lock records. It provides mid-air collision detection, and offers the offending user a choice of options to deal with the conflict.

MySQL, the database back-end for Bugzilla, allows hot-backup of data. You can find strategies for dealing with backup considerations at https://www.mysql.com/doc/B/a/Backup.html

Yes. However, commits to the database must wait until the tables are unlocked. Bugzilla databases are typically very small, and backups routinely take less than a minute.

1. Make a backup of both your Bugzilla directory and the database. For the Bugzilla directory this is as easy as doing cp -rp bugzilla bugzilla.bak. For the database, there's a number of options - see the MySQL docs and pick the one that fits you best (the easiest is to just make a physical copy of the database on the disk, but you have to have the database server shut down to do that without risking dataloss).

2. Make the Bugzilla directory your current directory.

3. Use cvs -q update -AdP if you want to update to the tip or cvs -q update -dP -rTAGNAME if you want a specific version (in that case you'll have to replace TAGNAME with a CVS tag name such as BUGZILLA-2_16_5).

   If you've made no local changes, this should be very clean. If you have made local changes, then watch the cvs output for C results. If you get any lines that start with a C it means there were conflicts between your local changes and what's in CVS. You'll need to fix those manually before continuing.

4. After resolving any conflicts that the cvs update operation generated, running ./checksetup.pl will take care of updating the database for you as well as any other changes required for the new version to operate.

   Once you run checksetup.pl, the only way to go back is to restore the database backups. You can't "downgrade" the system cleanly under most circumstances.

If Bugzilla is set up correctly from the start, continuing maintenance needs are minimal and can be done easily using the web interface.

Commercial Bug-tracking software typically costs somewhere upwards of $20,000 or more for 5-10 floating licenses. Bugzilla consultation is available from skilled members of the newsgroup. Simple questions are answered there and then.

It all depends on your level of commitment. Someone with much Bugzilla experience can get you up and running in less than a day, and your Bugzilla install can run untended for years. If your Bugzilla strategy is critical to your business workflow, hire somebody with reasonable UNIX or Perl skills to handle your process management and bug-tracking maintenance & customization.

No. MySQL asks, if you find their product valuable, that you purchase a support contract from them that suits your needs.

The most-likely cause is that the "cookiepath" parameter is not set correctly in the Bugzilla configuration. You can change this (if you're a Bugzilla administrator) from the editparams.cgi page via the web.

The value of the cookiepath parameter should be the actual directory containing your Bugzilla installation, as seen by the end-user's web browser. Leading and trailing slashes are mandatory. You can also set the cookiepath to any directory which is a parent of the Bugzilla directory (such as '/', the root directory). But you can't put something that isn't at least a partial match or it won't work. What you're actually doing is restricting the end-user's browser to sending the cookies back only to that directory.

How do you know if you want your specific Bugzilla directory or the whole site?

If you have only one Bugzilla running on the server, and you don't mind having other applications on the same server with it being able to see the cookies (you might be doing this on purpose if you have other things on your site that share authentication with Bugzilla), then you'll want to have the cookiepath set to "/", or to a sufficiently-high enough directory that all of the involved apps can see the cookies.

Examples:

        urlbase is https://bugzilla.mozilla.org/
        cookiepath is /

        urlbase is http://tools.mysite.tld/bugzilla/
                but you have http://tools.mysite.tld/someotherapp/ which shares
                authentication with your Bugzilla
        cookiepath is /
              

On the other hand, if you have more than one Bugzilla running on the server (some people do - we do on landfill) then you need to have the cookiepath restricted enough so that the different Bugzillas don't confuse their cookies with one another.

Examples:

        urlbase is https://landfill.bugzilla.org/bugzilla-tip/
        cookiepath is /bugzilla-tip/

        urlbase is https://landfill.bugzilla.org/bugzilla-2.16-branch/
        cookiepath is /bugzilla-2.16-branch/
              

If you had cookiepath set to / at any point in the past and need to set it to something more restrictive (i.e. /bugzilla/), you can safely do this without requiring users to delete their Bugzilla-related cookies in their browser (this is true starting with Bugzilla 2.17.7 and Bugzilla 2.16.5).

First, make sure cookies are enabled in the user's browser.

If that doesn't fix the problem, it may be that the user's ISP implements a rotating proxy server. This causes the user's effective IP address (the address which the Bugzilla server perceives him coming from) to change periodically. Since Bugzilla cookies are tied to a specific IP address, each time the effective address changes, the user will have to log in again.

In newer versions of Bugzilla (2.17.1 and later) there is a parameter called "loginnetmask", which you can use to set the number of bits of the user's IP address to require to be matched when authenticating the cookies. If you set this to something less than 32, then the user will be given a checkbox for "Restrict this login to my IP address" on the login screen, which defaults to checked. If they leave the box checked, Bugzilla will behave the same as it did before, requiring an exact match on their IP address to remain logged in. If they uncheck the box, then only the left side of their IP address (up to the number of bits you specified in the parameter) has to match to remain logged in.

Run MySQL like this: "mysqld --skip-grant-tables". Please remember this makes MySQL as secure as taping a $100 to the floor of a football stadium bathroom for safekeeping.

The Bugzilla code has undergone a reasonably complete security audit, and user-facing CGIs run under Perl's taint mode. However, it is recommended that you closely examine permissions on your Bugzilla installation, and follow the recommended security guidelines found in The Bugzilla Guide.

This is a common problem, related to running out of file descriptors. Simply add "ulimit -n unlimited" to the script which starts mysqld.

The user should be able to set this in user email preferences (uncheck all boxes) or you can add their email address to the data/nomail file.

Edit the "newchangedmail" Param. Replace "To:" with "X-Real-To:", replace "Cc:" with "X-Real-CC:", and add a "To: <youremailaddress>".

Try Klaas Freitag's excellent patch for "whineatassigned" functionality. You can find it at https://bugzilla.mozilla.org/show_bug.cgi?id=6679. This patch is against an older version of Bugzilla, so you must apply the diffs manually.

You can call bug_email.pl directly from your aliases file, with an entry like this:

bugzilla-daemon: "|/usr/local/bin/bugzilla/contrib/bug_email.pl"

You can find an updated README.mailif file in the contrib/ directory of your Bugzilla distribution that walks you through the setup.

If you are using an alternate Mail Transport Agent (MTA other than sendmail), make sure the options given in the "processmail" and other scripts for all instances of "sendmail" are correct for your MTA.

If you are using Sendmail, try enabling "sendmailnow" in editparams.cgi. If you are using Postfix, you will also need to enable "sendmailnow".

Double-check that you have not turned off email in your user preferences. Confirm that Bugzilla is able to send email by visiting the "Log In" link of your Bugzilla installation and clicking the "Email me a password" button after entering your email address.

If you never receive mail from Bugzilla, chances you do not have sendmail in "/usr/lib/sendmail". Ensure sendmail lives in, or is symlinked to, "/usr/lib/sendmail".

Red Hat's old version of Bugzilla (based on 2.8) worked on Oracle. Red Hat's newer version (based on 2.17.1 and soon to be merged into the main distribution) runs on PostgreSQL. At this time we know of no recent ports of Bugzilla to Oracle but do intend to support it in the future (possibly the 2.20 time-frame).

Run the "sanity check" utility (./sanitycheck.cgi in the Bugzilla_home directory) from your web browser to see! If it finishes without errors, you're probably OK. If it doesn't come back OK (i.e. any red letters), there are certain things Bugzilla can recover from and certain things it can't. If it can't auto-recover, I hope you're familiar with mysqladmin commands or have installed another way to manage your database. Sanity Check, although it is a good basic check on your database integrity, by no means is a substitute for competent database administration and avoiding deletion of data. It is not exhaustive, and was created to do a basic check for the most common problems in Bugzilla databases.

There is no facility in Bugzilla itself to do this. It's also generally not a smart thing to do if you don't know exactly what you're doing. However, if you understand SQL you can use the mysql command line utility to manually insert, delete and modify table information. There are also more intuitive GUI clients available. Personal favorites of the Bugzilla team are phpMyAdmin and MySQL Control Center.

Try running MySQL from its binary: "mysqld --skip-grant-tables". This will allow you to completely rule out grant tables as the cause of your frustration. If this Bugzilla is able to connect at this point then you need to check that you have granted proper permission to the user password combo defined in localconfig.

Running MySQL with this command line option is very insecure and should only be done when not connected to the external network as a troubleshooting step.

Well, you can synchronize or you can move bugs. Synchronization will only work one way -- you can create a read-only copy of the database at one site, and have it regularly updated at intervals from the main database.

MySQL has some synchronization features builtin to the latest releases. It would be great if someone looked into the possibilities there and provided a report to the newsgroup on how to effectively synchronize two Bugzilla installations.

If you simply need to transfer bugs from one Bugzilla to another, checkout the "move.pl" script in the Bugzilla distribution.

Remove Windows. Install Linux. Install Bugzilla. The boss will never know the difference.

Not currently. Bundle::Bugzilla enormously simplifies Bugzilla installation on UNIX systems. If someone can volunteer to create a suitable PPM bundle for Win32, it would be appreciated.

Depending on what Web server you are using, you will have to configure the Web server to treat *.cgi files as CGI scripts. In IIS, you do this by adding *.cgi to the App Mappings with the <path>\perl.exe %s %s as the executable.

Microsoft has some advice on this matter, as well:

"Set application mappings. In the ISM, map the extension for the script file(s) to the executable for the script interpreter. For example, you might map the extension .py to Python.exe, the executable for the Python script interpreter. Note For the ActiveState Perl script interpreter, the extension .pl is associated with PerlIS.dll by default. If you want to change the association of .pl to perl.exe, you need to change the application mapping. In the mapping, you must add two percent (%) characters to the end of the pathname for perl.exe, as shown in this example: c:\perl\bin\perl.exe %s %s"

Your modules may be outdated or inaccurate. Try:

1. Hitting http://www.activestate.com/ActivePerl

2. Download ActivePerl

3. Go to your prompt

4. Type 'ppm'

5. PPM> install DBI DBD-mysql GD

New in 2.16 - go to the Account section of the Preferences. You will be emailed at both addresses for confirmation.

The interface was simplified by a UI designer for 2.16. Further suggestions for improvement are welcome, but we won't sacrifice power for simplicity.

The current behavior is acceptable to bugzilla.mozilla.org and most users. You have your choice of patches to change this behavior, however.

The most likely cause is a very old browser or a browser that is incompatible with file upload via POST. Download the latest Netscape, Microsoft, or Mozilla browser to handle uploads correctly.

In the Bugzilla administrator UI, edit the keyword and it will let you replace the old keyword name with a new one. This will cause a problem with the keyword cache. Run sanitycheck.cgi to fix it.

The logic flow currently used is RESOLVED, then VERIFIED, then CLOSED. You can mass-CLOSE bugs from the change several bugs at once page. but, every bug listed on the page has to be in VERIFIED state before the control to do it will show up on the form. You can also mass-VERIFY, but every bug listed has to be RESOLVED in order for the control to show up on the form. The logic behind this is that if you pick one of the bugs that's not VERIFIED and try to CLOSE it, the bug change will fail miserably (thus killing any changes in the list after it while doing the bulk change) so it doesn't even give you the choice.

Try this link to view current bugs or requests for enhancement for Bugzilla.

You can view bugs marked for 2.18 release here. This list includes bugs for the 2.18 release that have already been fixed and checked into CVS. Please consult the Bugzilla Project Page for details on how to check current sources out of CVS so you can have these bug fixes early!

This is well-documented here: https://bugzilla.mozilla.org/show_bug.cgi?id=49862. Ultimately, it's as easy as adding the "---" priority field to your localconfig file in the appropriate area, re-running checksetup.pl, and then changing the default priority in your browser using "editparams.cgi".

1. Enter a bug into bugzilla.mozilla.org for the "Bugzilla" product.

2. Upload your patch as a unified diff (having used "diff -u" against the current sources checked out of CVS), or new source file by clicking "Create a new attachment" link on the bug page you've just created, and include any descriptions of database changes you may make, into the bug ID you submitted in step #1. Be sure and click the "Patch" checkbox to indicate the text you are sending is a patch!

3. Announce your patch and the associated URL (https://bugzilla.mozilla.org/show_bug.cgi?id=XXXXXX) for discussion in the newsgroup (netscape.public.mozilla.webtools). You'll get a really good, fairly immediate reaction to the implications of your patch, which will also give us an idea how well-received the change would be.

4. If it passes muster with minimal modification, the person to whom the bug is assigned in Bugzilla is responsible for seeing the patch is checked into CVS.

5. Bask in the glory of the fact that you helped write the most successful open-source bug-tracking software on the planet :)