MariaDB recently announced the migration of the JIRA bug tracking system from the current Atlassian-hosted instance to a self-hosted installation to be found at jira.mariadb.org. This likely isn’t a big deal to the community, and MariaDB is being very proactive in coordinating this change in the community – but it’s an opportunity for me to ask a few questions regarding MariaDB’s JIRA usage to which I can’t find answers. I certainly welcome answers, feedback or clarification from MariaDB staff.
Before getting started, I should say that I appreciate MariaDB – the product, the company, the staff and the foundation. MariaDB/SkySQL/Monty Programs serve a unique and useful purpose for community, users and staff who prefer not to deal with Oracle. I don’t view myself as a critic of MariaDB, and I consider a good number of MariaDB staff my friends. Getting a better understanding of how MariaDB operates the bug system is of interest to me, and perhaps the larger community as well.
Why are some bug reports private?
As of this writing, the Atlassian-hosted MariaDB JIRA instance has 9606 issues in the MDEV project. A small number of these – forty – are not publicly-accessible, and users trying to access them are redirected to the Atlassian Cloud login (UPDATE: Seven of the forty issues originally listed actually redirect to a public issue in a different project, not the login page). Below is a list of these private bug reports (try for yourself):
MDEV-4433 MDEV-4625 MDEV-4828
MDEV-5902 MDEV-6078 MDEV-6267 MDEV-6670
Forty bugs out of 9600+ bug reports is not a large percentage – less than 0.5% of all bug reports seem to be restricted from public viewing. My initial thought was that these may be security defects, but with some bug reports dating back to 2012, that seems unlikely. It would be nice to understand why some bug reports are restricted, and who has access to them.
Why are some projects private?
This is a much more interesting question for me. I originally understood that all MariaDB development work was tracked in public forums, and with the few exceptions listed above, that seems to be true – at least for the MDEV project. However, it seems that there are at least two other projects that contain many issues which are entirely private. I don’t find any documentation on these queues or their purpose; knowledge of their existence results only from a couple of comments in other forums.
In this email discussion, Jan cites the creation of an issue in the “TODO” project, which is later copied over to the MDEV project to “make it totally public.” The original TODO issue – TODO-776 – requires login to access, as does the entire project. The issue identifier suggests there are at least 775 other issues in this private project (as of January 2016).
The comments and history of MDEV-7595 reveal another private project (“ME”):
|Field||Original Value||New Value|
|Project||MariaDB Entreprise & Cluster [ 10500 ]||MariaDB Server [ 10000 ]|
This at least clarifies that the ME project supports MariaDB Enterprise & Cluster, and there were 132 issues in that project a year ago when this was first filed.
How many projects/issues are private?
The projects/issues cited above reveal about 1000 private issues / bug reports – a number that’s over 10% of all public bug reports in the MDEV project. Because the only information on these projects comes from accidental disclosure, it’s unclear whether additional private projects may exist, or what the current issue counts are. Are there other projects beyond the TODO and ME projects listed above which are inaccessible to the public?
Who owns MariaDB’s JIRA instance(s)?
I don’t exactly know whether the MariaDB JIRA instance is maintained by the MariaDB Corporation or the MariaDB Foundation. The URL for the new JIRA installation (jira.mariadb.org) suggests this is a Foundation property, but the announcement of the change comes from Rasmus Johansson, who serves the dual roles of Foundation Chairman and VP of Engineering for MariaDB Corporation. The “MariaDB Entreprise & Cluster” project name suggests MariaDB Corporation usage – is that moving to jira.mariadb.org as well?
This question is intertwined with the earlier questions. For example, why should the MariaDB Foundation have access to private bugs or development plans for the MariaDB Corporation? And if it’s the Foundation’s bug reports or development plans which are private, why should MariaDB Corporation staff have special access to such issues? The distinction between the MariaDB Corporation and MariaDB Foundation is important, and the current state of the bugs system causes confusion. If the migration plans will help clarify the distinction in the bugs system, it would be good to articulate this.
As I noted earlier, I’m interested in learning more about how MariaDB operates the JIRA instance, particularly as this moves to a self-hosted instance. I welcome any MariaDB policy clarification as it relates to public vs. private issues and JIRA projects and ownership of the JIRA system.