Bugzilla Project Updates

As you know, we’re working on two fronts in Bugzilla Development:

A quality-of-life release (5.2) which includes support for utf8mb4,

MySQL 8 compatibility, and compatibility with the latest versions of perl.

A feature-packed release (6.0) which includes the UX/UI from bugzilla.mozilla.org, based on mojolicious.

The 5.2 Update

At the behest of justdave I’ve focused my attention on the quality of life release (5.2). I had desired to be able to release that this week, but this has fallen short because of unforeseen complications.

Here’s a list of things that are ready in the 5.2 branch:

  • MySQL 8 regexp compatibility (it turns out our default emailregexp wasn’t compatible with MySQL 8)
  • SQLite works again (sqlite was broken and is untested in the 5.2 branch)
  • Fixing Safe.pm bug in latest perl (the latest perl has a bug with Safe and Bugzilla must work around it)
  • checksetup.pl completes and large parts of the code work on MySQL 8

The problems remaining are that it is there are many places where snippets of sql are generated and it is non-obvious where and when to quote them. There are cases where an ORDER BYmust be quoted, for instance.

Because the patch set to quote all occurrences of is already quite large, I began exploring a more comprehensive fix on February 3rd. This approach is promising, and may result in a bit of reusable code useful to other Perl applications that have forbidden column or table names that used to work.

At the time of writing, I have written a mysql expression parser that can handle nearly every SQL expression used in Bugzilla. It takes a SQL expression and then quotes all column and table references. While the parser is over 300 lines, it means the overall patch is localized to one new file and a minor change to Bugzilla::DB. I hope to finish the parser this week, and have the patch in review over the weekend (Feb 8/Feb 9).

The 6.0 Update

Since the last meeting, I came up with this (rough) release plan. I’m working on the second version of this, but the gist here is very accurate. We know the “6.0” release will work, because we know bugzilla.mozilla.org works every day. 🙂

  • Delete Mozilla-specific code and branding
    • The Mozilla logo
    • Make it so nobody@mozilla.org is not hard-coded anywhere
    • Remove the Bugzilla::Report::* classes as those are specific reporting features of BMO that
  • Ensure a migration (schema migration) is possible from 5.0 to 6.0.
    • This is mainly a matter of reversing the “multiple aliases” support that was added in 5.0 but is not going to be present in 6.0.
    • There are complications involving the db schema and how email works that are TBD
  • If possible, some dependencies that are difficult to package (or not maintained well) must be dropped.
    • Mostly this is Data::Password::passwdqc.
    • As we will not add new features, this means forgoing password complexity checks which is actually a good thing as passwdqc rejects perfectly fine randomly generated passwords and people hate it.
  • Validate that we can run against PostgreSQL

An apology for impetuous tweeting

I’d like to apologize to this tweet. The events were playing out, and it felt urgent that I act and so I did. I think now I would have said nothing, but still written the letter I ended up writing. That tweet and a few others1 felt impetuous and not how I would like to present myself.

I’m also aware that I hurt at least one close friend, and I am sorry for that. I will try harder to think before I tweet.

  1. There is one where I insulted someone in a mean way that I deleted, but my mistakes remain published.

Open Letter to European Perl Conference

To the organizers of the European Perl Conference in Riga.

I have been involved in the perl community for 22 years. I feel a moral obligation to ensure people that I have introduced to it can continue to feel welcomed and safe. This letter is not meant to shame anyone, but it is public to provide some level of proof that people in the community care about enforcing codes of conduct.


There’s actually two issues at hand. The first one is that a person violated the Standards of Conduct (Code of Conduct) at the last Perl Conference in Pittsburgh and is slated to be a keynote speaker for the Perl Conference in Riga.

UPDATE: The keynote speaker issue has been resolved. The rest of this letter remains accurate.

The second issue is that after some prominent people raised concern, there was a perhaps hastily-written blog post that ended with a transphobic joke. The blog post was subsequently edited to remove the joke, along with some tweets relating to the issue.

Adding to the first issue, some may question the acceptability of deadnaming if the victim does not care. It would appear that is still a violation of Standards of Conduct.

Some have already pointed out the bad optics around this, and I’m not here to talk about that. I do care about how this looks to the world at large. This is an open letter precisely because handling this issue in secret would be worse than talking about it.

We’re going to cover Safety and Gender, and at the end some ways which we can resolve this issue. I am not the best person to cover these topics, but I am doing so because that lifts the burden from members of the minority having to explain again and again why something hurt because people want facts.


People will report Code of Conduct violations. The important question is, how will you handle those incidents and enforce your CoC?

Sage Sharp, 2016-01-25

The underlying issue is one of Safety. Vulnerable individuals attending conference must have faith that the code of conduct will be upheld. No one should be above reproach, and if a person violates the code at an event, it should inform decisions towards that person at other events.

This does not necessarily mean that the person need to be barred from the event — I do not hold an opinion on that matter — but some obviously feel that having the person be a keynote speaker does send a signal that perhaps the conference does not take ensuring the safety of attendees seriously.

You do not have to agree with me on this issue, but you also cannot argue about what trade-offs people make with their personal safety.

For additional information about safety, there is no better source than this collection of FAQs about Codes of Conduct


Assuming you’re still with me, you agree that people need to feel safe. But you’re struggling because you don’t think the behavior was serious enough.

we’re not talking about serious stuff! He just used the wrong name and pronouns!

some random internet person

This belief is false. Misgendering trans people causes harm.

In the AP News article Misgendering is not a lightweight ‘mistake’ Karolyn Wilson explains that empathy can inform sympathies:

I can’t speak for transgender men and women, but empathy can inform my sympathies: if I feel insulted and demeaned when I am misgendered, how much worse is it for someone who has had to work so much harder than I have to make their outsides match their insides, for someone who is in so much more danger of being discounted as a person or persecuted for who they are?

Karolyn Wilson, Misgendering is not a lightweight ‘mistake’

If you’re reading this and you’re cisgender, presumably you can think back to a time when you were misgendered. If that is not the case, perhaps imagine what it would feel like.

These situations, imagined or otherwise to this tend to have reactions that fall somewhere in a spectrum, but with typical reactions being:

  • You could feel as Karolyn Wilson did — as less of a person, less solid, and less seen
  • Or perhaps you will feel as I did when I first thought about this experience: Indifferent.

If you feel indifferent, and are not yet capable of understanding why gender identity is important you must start believing the lived experience of trans people. You should watch this video by Vi Hart (5 minutes). A quote from this video resonated with me when I first saw it:

My condescending teenager attitude came from a false belief that other people are basically like me.

Vi Hart

I think watching that video and internalizing the line of reasoning Vi Hart uses can help those that are cisgender but not strongly attached to the concepts or expectations of gender.

Now at this point, if you’re still reading I hope you’re with me. Perhaps you’ve read to this point, but you take issue with the joke being characterized as transphobic.

The reason people had a negative reaction to the comment about the perl conference identifying with a different name is because the conference is not a person and drawing this absurd parallel is an attack. This is quite similar to saying ”I identify as an attack helicopter” which is also transphobic and an attack on the concept of gender identity.

There isn’t space to go into this, but this video about gender and this video transphobia are not very long and cover things much better than I can.

I guess I’m done with this topic. As after this some people may label me as a SJW, I’ll pre-emptively tell you to watch The Straight White Man’s Guide to Feminism and Social Justice.


Right now people are upset. Several prominent people have called for a boycott of the conference. I’m sure this is not intended. Organizing a conference is very hard, it’s difficult to get the right kinds of help. It’s very stressful and then this happens and people are making demands and I know it must feel like you’re being attacked.

When people say things like “I am appalled by something you have done” it doesn’t mean they are attacking you. It coveys some amount of surprise, and they’re telling you this because they think you are better than the action and can decide to do something different.

Let’s walk it back. There are concrete steps that can be taken to alleviate this problem, and in fact shine.

  1. The SoC violating keynote speaker cannot be a keynote speaker.
  2. An apology for the removed blog post. It was a natural mistake — people will easily forgive such as thing if the apology is genuine.
  3. A commitment to safety must be made. It is not apparent if this conference has a Code of Conduct. The Glasgow conference did, but I don’t see this mentioned initially but I did not look very closely.

happy bmo push day: now with added contrast

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1225902] Show only flags with requestee in the “Flags You Have Requested” section
  • [1552720] Linkify bug summaries on My Dashboard query table
  • [1542554] Add bug type icons to dependency trees
  • [1514000] Suppress duplicated changes in bug history made at the same time mainly due to mid-air collisions
  • [1523536] New bug’s “Choose from your most-used components” list is slow to show up
  • [1538115] Add shortcuts for tracking & status flags
  • [1553893] Remove horizontal rule from summary section as well as when email notifications are sent
  • [1552885] Fix issues in the post-Sandstone skin including low contrast, visited links and small font size
  • [1283312] Advanced Search page doesn’t list Flags and many other fields in Search By Change History
  • [1543489] Update firefox-crash-table.js to use cached firefox_versions.json
  • [1553780] Can’t type/paste text into attachment contents and set text/html mimetype
  • [1546437] group reviewers not properly flagged in “Phabricator Revisions” bugzilla section

discuss these changes on mozilla.tools.bmo.

happy bmo push day (May 16th)

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1546502] Miscellaneous tweaks and fixes for 2019 week 16
  • [1345750] “Depends on” and “Blocks” bug lists should still show list of bug links in edit mode
  • [1544059] Cloning a bug as a blocker doesn’t copy the ‘component’ field
  • [1543741] Blocklist requests getting filed as ‘defect’ instead of ‘task’ because of custom form
  • [1543456] Keep bug type passed to enter_bug.cgi via query, including cloned bug, even after component is selected
  • [1544132] Allow editing empty Descriptions
  • [1546539] [SEO] Many legacy and printable bug pages are cached by Google
  • [1546774] Show Dependency Tree link even if there’s only one bug
  • [1546624] Add a ‘everchanged’ operator
  • [1546146] Show bug types in See Also
  • [1543438] Enter Bug page: Hide Severity and Mentors as advanced fields
  • [1543189] Add search pronouns: %triageowner% and %self%
  • [1541617] Allow Products to set a default bug type.
  • [1547098] Limit the height of code in Markdown so the horizontal scrollbar can be found and used easily
  • [1535574] Reply to Markdown comment adds extra line above quoted text but not below
  • [1546444] Security Bugs Report: Parameterize the time that the report is run at
  • [1547714] Attachment with application/octet-stream MIME type should not be previewed even if it’s actually text file
  • [1549007] “From Reporter” populates 64-bit Windows 8.1 as x86
  • [1550439] Type is reset on hard-refresh with “Always Enable Edit Mode”
  • [1546877] Slow Script warning on bugzilla page when loading preview of large json file
  • [1548725] Change crash signature & report links from crash-stats.mozilla.com to .org
  • [1550145] Add ‘forget_after_date’ field to profiles table
  • [1549287] Ghost selection on modal module headers
  • [1550104] Add “Has STR” and “Has Regression Range” fields for Graveyard products
  • [1545330] Add bug type to open graph data on bug detail page.
  • [1541618] Add triage owner to edit components view columns.
  • [1521423] Links to comments are not correct in bugmail
  • [1225902] Show only flags with requestee in the “Flags You Have Requested” section
  • [1540715] Security Bugs Report: Fix date offset of historical dates
  • [1549637] Homepage link on the global header is wrong
  • [1377977] Implement initial version of post-Sandstone theme including Dark Mode

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1541303] Default component bug type is not set as expected; enhancement severity is still used for existing bugs
  • [1543760] When cloning a bug, the bug is added to ‘Regressed by’ of the new bug
  • [1543718] Obsolete attachments should have a strikethrough
  • [1543798] Do not treat email addresses with invalid.bugs as unassigned when displaying bugs
  • [1544304] Wrong escaping of quotes in attachment titles.
  • [1541555] Add facility for requiring an API Key to always come from the same IP address
  • [1545295] socorro lens chart for crash statistics blocked by CSP (Blocked by Content Security Policy)
  • [1543163] Make Toolkit :: Blocklist Policy Request component private by default
  • [1545269] Request for Bug Dependency Graphs return a 404

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

Note that I’ve missed the last two push announcements, you’ll want to check https://wiki.mozilla.org/BMO/Recent_Changes#Recent_Changes to be fully up-to date. That said, we’ve been very busy. In the past 30 days.

6 authors have pushed 76 commits to master and 81 commits to all branches.
On master, 213 files have changed and there have been 2,852 additions
and 850 deletions.

Below the fold are all the changes for this most recent push.

Continue reading “happy bmo push day!”

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1523317] Exclude Graveyard products from QuickSearch results
  • [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage
  • [1524213] phabricator revisions list on bug page has extra / in the revision link
  • [1523404] Cannot clear all scopes when editing an oauth2 client. Throws DB error
  • [1525308] Custom Bug Entry Form for Blocklist Policy Requests
  • [1525451] Update triage owner report defaults
  • [1524158] markdown generated by approval comment form could be improved
  • [1525808] Remove CC changes from activity stream
  • [1476111] Enable syntax highlighting in comment code blocks
  • [1528334] Adding image to main bugzilla screen for User Research
  • [1047539] Bugmails including “See Also” bug links do not include a “Referenced Bugs” section with the summary of the other bug
  • [1402894] Remove “Restrict this session to this IP” option from login page
  • [1461492] Add an optional regressed-by field in bugs
  • [1528277] Add “Has STR” and “Has Regression Range” fields for the ‘External Software Affecting Firefox’ product

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1511490] BMO’s oauth tokens should be use jwt
  • [1519782] The OrangeFactor extension should link back to Intermittent Failure View using ‘&tree=all’
  • [1523004] Sort Phabricator revisions by numeric value instead of alphabetically
  • [1523172] Advanced Search link on home page doesn’t always take me to Advanced Search
  • [1523365] Ensure all requests have the HSTS header (if configured)
  • [1433080] No longer show the template for tracking & release notes requests
  • [1522731] When you click “Update comment”, the button changes size and the “Cancel” button jumps underneath your cursor, causing momentary panic that you canceled your edit
  • [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1511261] request queue page shows ‘Bugzilla::User=HASH(…)’ instead of username
  • [1520856] “Opt out of these emails” at bottom of overdue request nagging emails doesn’t open desired page
  • [1520011] Phabbugz panel short description missing
  • [1518886] Remove outdated build plan code from PhabBugz extension used to move revisions from draft mode.
  • [1509329] Do not display revisions that have moved out of the bug, but note the move in the bug history
  • [1520533] Utilize Markdown in uplift form comments
  • [1521653] Cannot edit comments after creating or updating an attachment
  • [1518268] Re-style all markdown content, consistently
  • [1520202] Sometimes the browser can cache the wrong version of an asset
  • [1517429] Search: Filter out by default Product containing “Graveyard”
  • [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage
  • [1520582] Block ips of users that get too many page errors
  • [1522155] Closed bug links don’t get their strike-through

discuss these changes on mozilla.tools.bmo.