I endorse basically all of this. (I had really hoped to be able to put significant effort into modernizing debbugs over the past year or so,

I understand time is always a limitation, but if/when you have time
for debbugs, could you please prioritize reviewing/merging the open
MRs?

I would assume Debbugs might evolve without you having to personally
do all the improvements, if you allow improvements done by others flow
in.
As an example, I have had https://salsa.debian.org/debbugs-team/debbugs/-/merge_requests/6 open
for 4 years now.


Thanks!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 27, 2025 at 06:46:29PM +0200, Julien Plissonneau Duquène wrote: >Unlike some people I believe that debbugs can be improved and

modernized in a satisfying way while retaining most if not all of its
current interfaces. This would minimize breakage and inconvenience for >developers that are mostly fine with the way it currently works.

I endorse basically all of this. (I had really hoped to be able to put significant effort into modernizing debbugs over the past year or so,
but it turns out that other projects are using up most of my web-application-development effort, and the rest has been mostly going
into whichever of OpenSSH and the Python team needs more attention this
month ...)

I'm considering getting my hands into that thing later this year, so
let me try to summarize the relevant parts of the previous threads
(with the intent of documenting this in a wiki page).

We would like debbugs to:
0. keep all the e-mail features it currently offers
1. process new requests and give feedback instantly
2. hide e-mail addresses from public (unauthenticated) web browsing
3. have a web UI that makes it possible to submit bugs, reply to bugs, >manipulate bugs

In my view, an absolute prerequisite for all of this is moving from the
current flat-file structure to a proper database; the current data
structures just don't perform well enough to be usable as the foundation
for a modern web UI. Don has some branches on https://salsa.debian.org/debbugs-team/debbugs that make a start at
switching to PostgreSQL, and he can probably fill you in on more
details.

4. have some GitLab (Salsa) integration

At least for signon, so that we don't have to track another set of
accounts. (And of course people would be able to keep using
unauthenticated email-based workflows anyway, per your point 0.)

5. have better, restructured, simplified documentation with full
examples
6. track merge requests.

I'm not very sure about point 6, but I think points 1-5 will be more
than enough to be getting on with and will likely make it clearer what
should be done next. Best to start with things that are reasonably well understood.

Implementing 2. is likely to break habits and maybe some tools, as
currently there is no authentication at all on debbugs web UI and you
can use it to view full headers, download mboxes and generate a
working reply mailto: link. It also won't completely solve the privacy
issue, as e-mail addresses can also be found in git repositories and
mailing list archives. IMO it would be better to recommend using a
dedicated e-mail address.

Mostly agreed, though I do think the last sentence is a bit of a
cop-out. Yes, if you absolutely want to hide an email address then it
probably has to be a single-purpose one, but that isn't exactly an
excuse for debbugs being quite as liberal with them as it is.

I'd add that it's probably time to start sending out debbugs email
"From: Some Person <NNNNNN@bugs.debian.org>" rather than acting as a
sort of relay that modifies messages on the way through. The latter
approach made sense 20 years ago, but it's just not good enough at
ensuring deliverability in the modern internet. We made a similar
change a few years ago when I was working on Launchpad (https://blog.launchpad.net/notifications/bug-emails-now-use-the-bugs-address-in-the-from-header)
and never regretted it.

It would have to be done thoughtfully (e.g. there might still need to be
some way to explicitly take a bug conversation private), but on the
whole I think that change would probably actually work better with the
more email-centric workflow of debbugs, where at the moment it's far too
easy for people to end up taking bug conversations private _by mistake_.
I'm bringing it up here because it's an important part of making sure
that debbugs doesn't just replay everyone's email addresses through to
mailing list archives.

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 27/05/2025 17:46, Julien Plissonneau Duquène wrote:

I'm considering getting my hands into that thing later this year, so let
me try to summarize the relevant parts of the previous threads (with the intent of documenting this in a wiki page).

We would like debbugs to:
0. keep all the e-mail features it currently offers

IMHO, this is a security flaw, not a feature. I hear that everyone loves
it, so at least the emails should be authenticated somehow (@debian only
maybe? one-time register-confirm emails?).

1. process new requests and give feedback instantly

My opinion now is that debbugs runs pretty frequently, but emails get
rejected randomly, leading to a 30min wait for mail queue reruns. This
is probably a mail server config issue.

2. hide e-mail addresses from public (unauthenticated) web browsing

Yes please, and email headers hidden from even authenticated users. No
one needs to know anyone's home/work IP address and what provider they
use. IP Address is covered under PII in GDPR/UKGDPR/etc.. and debian
doesn't even warn about it and it's stuck forever online.
With pseudo-headers, there is no need for SMTP headers anymore.

3. have a web UI that makes it possible to submit bugs, reply to bugs, manipulate bugs
4. have some GitLab (Salsa) integration
5. have better, restructured, simplified documentation with full examples

Current documentation is good actually, but you have to find the right
page. And if #3 is easy enough to use, don't need to RTFM to send a
special email.

6. track merge requests.

May I also add:

- Proper email handling, can't just change From/To/Subject on a
DKIM-signed email and forward it along, email servers don't like it and
report it automatically as abuse at original sender.
This needs ARC which is complicated. Or just forward from debbugs email
only.

BTW I don't think that Bugzilla, GitLab issues or even JIRA would be
suitable replacements for debbugs. FWIW some Apache projects including
the whole Maven project are now migrating away from JIRA to GitHub
issues, but they also have a fairly different usage pattern than Debian.
For Debian maybe something like Redmine could work (I'm not suggesting a change, but looking at alternatives may give some ideas).

None of these are a drop-in replacement or perfect, but they all have a Database data model (faster search/query), some API endpoint
(REST/SOAP/...), account management/SSO, client-side processing (dynamic dropdowns, expand/collapse javascript, basic web 2.0 ajax stuff), some "product" or grouping mechanism for authorisation (not open to everyone
flat list of packages), and a form of workflow/status per issue "type"
that you can see (debbugs only has tags/flags).


Having said all that, any improvements would be highly appreciated.
Thanks for looking into it.

--
Regards,
Ahmad

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 27/05/25 at 18:46 +0200, Julien Plissonneau Duqu�ne wrote:

6. track merge requests.

Maybe something similar to bts-link[0]?
- add a new field that allows pointing to a merge request (similar to
the 'forwarded' field)
- have a bot that processes bugs with merge requests and adjust BTS tags
(add 'patch' if the bug has a MR; add 'pending' if the MR has been
merged)

[0] https://bts-link-team.pages.debian.net/bts-link/

Lucas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 27, 2025 at 10:37:22AM -0700, Otto Kekäläinen wrote:

I would assume Debbugs might evolve without you having to personally
do all the improvements, if you allow improvements done by others flow
in.
As an example, I have had >https://salsa.debian.org/debbugs-team/debbugs/-/merge_requests/6 open
for 4 years now.

This really needs Don to have a look, because I'm, um, not entirely
certain where he deploys the actual code from, so I'm reluctant to
effectively declare https://bugs.debian.org/debbugs-source/ obsolete.
(This all changed around during a period when I was completely
inactive.)

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue May 27, 2025 at 7:30 PM BST, Ahmad Khalifa wrote:

0. keep all the e-mail features it currently offers

IMHO, this is a security flaw, not a feature. I hear that everyone loves
it, so at least the emails should be authenticated somehow (@debian only maybe? one-time register-confirm emails?).

Can you expand on why you think manipulating bugs by mail is a security
flaw?

--
Please do not CC me for listmail.

👱🏻 Jonathan Dowland
✎ jmtd@debian.org
🔗 https://jmtd.net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 27/05/2025 21:59, Lucas Nussbaum wrote:

- add a new field that allows pointing to a merge request (similar to
the 'forwarded' field)

My intuition is that there are cases where we would like to link several
merge requests (possibly in different repositories) to a single bug.

- have a bot that processes bugs with merge requests and adjust BTS
tags
(add 'patch' if the bug has a MR; add 'pending' if the MR has been
merged)

We already have a bot that scans commits, e.g. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105956#28
maybe it could be modified to also process merge requests and add a
"patch" tag automatically?

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 2025-05-27 20:30, Ahmad Khalifa a écrit :

On 27/05/2025 17:46, Julien Plissonneau Duquène wrote:

0. keep all the e-mail features it currently offers

IMHO, this is a security flaw, not a feature. I hear that everyone
loves it, so at least the emails should be authenticated somehow
(@debian only maybe? one-time register-confirm emails?).

We have to be careful with changes here, as they could easily become
major annoyances for casual and even regular contributors.

We probably want to keep posting to submit@ and NNN(-*)@ (excepted
-done) open as it is, despite the spam that sometimes gets through.
control@, NNN-done@ and some pseudo-header instructions could eventually
be restricted to "known" senders or subject to a confirmation token and
message (like mailing-list subscriptions).

1. process new requests and give feedback instantly

My opinion now is that debbugs runs pretty frequently, but emails get rejected randomly, leading to a 30min wait for mail queue reruns. This
is probably a mail server config issue.

That should be investigated, but it could also be caused by the remote
mail server.

Current documentation is good actually, but you have to find the right
page.

This "you have to find (or remember) the right page" part is one of the
areas that could greatly be improved ;)

May I also add:

- Proper email handling

There is indeed a stash of bugs in this area that need to be addressed.

they all have a Database data model (faster search/query)

Having some experience with databases, I'm not convinced that a RDBMS
(SQL) is a necessity here. Better indexing and caching would definitely
help though.

some API endpoint (REST/SOAP/...)

REST APIs (a backend one, and a public one) are part of the plan.

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, May 28, 2025 at 01:53:21PM +0200, Julien Plissonneau Duquène wrote: >>>1. process new requests and give feedback instantly

My opinion now is that debbugs runs pretty frequently, but emails
get rejected randomly, leading to a 30min wait for mail queue
reruns. This is probably a mail server config issue.

That should be investigated, but it could also be caused by the remote
mail server.

It's greylisting.
I assume it's intentional and not an issue.

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmg2/KgtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh LLUQAJ5MuPxCww/+j07sV+f+mkiKVQzKpyjF7yUrNeIOcBaZMCWXf+hllYW9/Pen y2OHlOfPobrnmA3+G56VK4z87DSjBF+zDX5angms4jos87PKbZ6TkBQlvDcyUIpd ZS2XDwOPUzo/AgYPrk2GNJ1vtVgfitHu1hSF1/WdVFgl6FWzpiva+W+Fbdh+V7ZA XHUNPGH9xx3TUmzDi7pP/xP77DazFn/YTU8xXVIUZ1ZqQxuXKtgMrJ6zlZRIbAVy qmLApTi60GebwRg49O8NB5q4T0RBOnJp56gPbr/+OV3sQa3y9mMKPFQF5hGsOEfP 8Qc+U9gjHug9NupYqUA4PMg8QT8BGA5ia0DAC+SEJoTuyMrYE19yITHSRkc71HHy HcxDJVFLfWcoijvw2IKOtqi2OW0H7xJbFnsSwkIMPAsjy6fbMa+0ykLERo7JlHnF IOxH4cEiUhiF9UjBOK2WhMMEYOmu4f1nsCJzcKEF+bl48zdvIh3qE2WwEALyU58g AfieWv0VGaT1oLNrrA8bo8TLhwQEMPWOTWodJqysIpbR2UhxVClvSAj8Fmy8zR46 A3ILijObLpCsiwme3VDVIQP9nuh66Ckdz6JXVEKpAGxXzFIMj3Db7y9vFZQU7Oy7 vjqReXdieUkQY47pZcTL2t+QczVVFG5W3Mindgvdko02OIem
=mnl2
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 28/05/25 at 13:53 +0200, Julien Plissonneau Duqu�ne wrote:

they all have a Database data model (faster search/query)

Having some experience with databases, I'm not convinced that a RDBMS (SQL) is a necessity here. Better indexing and caching would definitely help though.

Even if I'm their original author and like that they are popular
services, most of what https://udd.debian.org/bugs/ and https://udd.debian.org/cgi-bin/bts-usertags.cgi do should really be
provided by the BTS itself.

Lucas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Julien,

thanks and applause for this initiative of yours! I agree the bts could
see several improvements..!

On Tue, May 27, 2025 at 06:46:29PM +0200, Julien Plissonneau Duquène wrote:

We would like debbugs to:
0. keep all the e-mail features it currently offers
1. process new requests and give feedback instantly
2. hide e-mail addresses from public (unauthenticated) web browsing
3. have a web UI that makes it possible to submit bugs, reply to bugs, manipulate bugs
4. have some GitLab (Salsa) integration
5. have better, restructured, simplified documentation with full examples
6. track merge requests.

Most of these I also very much agree with, however I doubt that *we* want
to hide e-mail addresses from public (unauthenticated) web browsing. In my book the open development model of Debian is tied to the fact that we the developers are responsible *and* reachable. Our users can see who made the distribution they are using. That is a feature.

I've also seen very very few complaints about the fact that the BTS shows
email addresses if submitters and contributors. And I'm definitly not aware that we identified this as a problem!

Also, I don't really see how to keep all the e-mail features it currently offers,
while hiding email addresses. I quite often look up email addresses in bugs
and contact people directly, definitly more than once per months.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

War is peace. Freedom is slavery. Hitler was a communist.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmg3HAgACgkQCRq4Vgaa qhxqBxAAlSqRKE55cTGlWXM9yzXJpi44R+IJbDgtk61e0B1qadnaw3EwmYK5DUQZ dMOE8PeDf3Mz/etJYHqTtFq6aCP768PZo2sn5AaDolqyQ5MQHqZEi++FXImc5Sqi JschsrD38LdTP23Z8iegRdgjlj2NCBZI8eAzKquPYXcl18UdB4KYRN3434+DLjG1 +kOsXqXCt85D9LXvXBHJZ5eMQE73pNbX1+n4AVfqwKnV/R6nfUw8GmjeuV/1VNuz n1vwXJrgiMwR6ydLAU8DbmsCqH3P6ZF/KZW54dl0yUtNTZ1HTQMkKGRgG9ot3ng9 9e8ps7JLzOlmYMQdfhPfJ/LtJc2g6NBeEawGA/uCPC8VRL4sgYJuQOlGFrTgMUFK gJiWJJSgYI0yhkDeWq1m6poHkGSKrRI2tmjhSwXB3m/LpqhIAj55MREPykngciOF PRl/PbgRQHSK1GqKEnRREjzRFKmkOAVhwApo6wbf434vSMiVkIUUl1vYLgwkfoGs MQstuaYsqf2WL2L2EWJkvk/VwlEfO3mVvb7qpeKVUkkkJSCqK7B+cQmPACZ92AJr A15p+6gBEVFlzJmYdyNisgSpTrdmN0MbScCBY9NHlwS6lrqwLVnVXlN

On 28/05/2025 12:11, Jonathan Dowland wrote:

On Tue May 27, 2025 at 7:30 PM BST, Ahmad Khalifa wrote:

0. keep all the e-mail features it currently offers

IMHO, this is a security flaw, not a feature. I hear that everyone
loves it, so at least the emails should be authenticated somehow
(@debian only maybe? one-time register-confirm emails?).

Can you expand on why you think manipulating bugs by mail is a security
flaw?

Anyone can manipulate any bug without restriction and in bulk.
Untag it as RC, email 0-99999 with the -done suffix, spam it with links,
target packages that echo to a mailing list.
Sure there would be a log of it all, but initially, the only defense
would be to shutdown incoming emails.

Maybe I'm exaggerating a bit, but nowadays I can't login to anything
without two factor authentication, because a password isn't enough
apparently.


--
Regards,
Ahmad

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 28/05/2025 12:53, Julien Plissonneau Duquène wrote:

Le 2025-05-27 20:30, Ahmad Khalifa a écrit :

On 27/05/2025 17:46, Julien Plissonneau Duquène wrote:

0. keep all the e-mail features it currently offers

IMHO, this is a security flaw, not a feature. I hear that everyone
loves it, so at least the emails should be authenticated somehow
(@debian only maybe? one-time register-confirm emails?).

We have to be careful with changes here, as they could easily become
major annoyances for casual and even regular contributors.

Of course, and I fully acknowledge that existing users have priority in
their workflows here. But some tweaks are needed to keep up.

Current documentation is good actually, but you have to find the right
page.

This "you have to find (or remember) the right page" part is one of the
areas that could greatly be improved ;)

Fair point.

they all have a Database data model (faster search/query)

Having some experience with databases, I'm not convinced that a RDBMS
(SQL) is a necessity here. Better indexing and caching would definitely
help though.

Debbugs relies on 20 or so key-value databases from what I read in its
code last year. At that point, it's time to convert to an RDBMS and
embrace SQL and pile on several db indexes.

Besides, the bug domain is very relational: Bug has Owner who has Bugs
that have a Package that has Bugs with Maintainer who has Bugs ...


--
Regards,
Ahmad

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On May 28, Ahmad Khalifa <ahmad@khalifa.ws> wrote:

Anyone can manipulate any bug without restriction and in bulk.
Untag it as RC, email 0-99999 with the -done suffix, spam it with
links, target packages that echo to a mailing list.

Security measures should be proportional to the specific threat, and
we actually know that targeted malicious attacks to the BTS are not
happening.

--
ciao,
Marco

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCaDc8tQAKCRDLPsM64d7X gduIAP9i65hLqMg3BvpHaAaC2dU0cwPZsSjvHd2fJm4RHAx+RwD+PqzEE1MZAEas loC/WYznBJJmccc1AH12VIUG1AIvXQA=
=QUmL
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Julien Plissonneau Duquène <sre4ever@free.fr> writes:

I'm considering getting my hands into that thing later this year, so
let me try to summarize the relevant parts of the previous threads
(with the intent of documenting this in a wiki page).

this is awesome

We would like debbugs to:
0. keep all the e-mail features it currently offers

i suggest also

- allow people to do a one-time "stop acknowledging every
single email i send", and "auto-subscribe me to any bug i submit".

- more permissive syntax eg "control: +patch"

- make better use of usertags

- allow people to click a link and report a new bug via the web, from
the page listing existing bugs

1. process new requests and give feedback instantly
2. hide e-mail addresses from public (unauthenticated) web browsing

sure, (but doesnt actually add that much to the end user?) ....

3. have a web UI that makes it possible to submit bugs, reply to bugs, manipulate bugs

.. whereas this would be amazing, it would give everyone the best of all
worlds

4. have some GitLab (Salsa) integration
5. have better, restructured, simplified documentation with full
examples

yes! (i saw someone disagree, but eg the current docs for usercategory
is, at best, incomplete, and the docs for "merge" doesnt even say which
one becomes the "master" bug. some pages dont mention usertag)

6. track merge requests.

6. is not clear enough. What would we like debbugs to achieve, more precisely, here?

think this is the same as 4.

(it may also be that the link should be done in salsa rather than the
bts)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 28 May 2025 16:08:56 +0100, Ahmad Khalifa wrote:

Can you expand on why you think manipulating bugs by mail is a
security flaw?

Anyone can manipulate any bug without restriction and in bulk.

Right, and that's a feature not a bug (and for sure not a "security
flaw").

Maybe I'm exaggerating a bit,

Maybe "a bit" is a bit of an understatement :)


Cheers,
gregor

--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmg3lA5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgb9Qg/5AbN0WkjDCPY+UUAE5UgwouI9t2NXrGefO+OfXd3bQir8tvcIGYwzvaa2 58J6KCmbhCQZLrmyNz7j5Ovmh2E4B7EYa/Adrpo8uwAYOAia0HlmpUaf/cypG4r9 17ijWrT+Juey9ZNgS3jm7JVFKm3yfVTE5N92wo+LcG7HCD0PXQKTUwXXfXubIELK +Q4PdLIjw3mcARMqN22hHiMtoCsYC9WUihxJTeD/94/3Xx1ahX9utIz7bW4skhT/ DDtYgn7cAqPaw/9oBg88D+Kv/Dupena8X7JLig3Dj35QRbAO8pwjtfdKkUdt2fR4 2O6hCcttVrFX5Ab5nImt7kRs1It3Q0IxBjq7qncQQ/ActJnGLER34AO1mTyKk05h 7beThAwBjfSX1V8a7snrlcoj1ZSj2x58zK+tvtCQL4K7Hmhc18P5TxCVo5b+kbEP tTzwTxmZTRfMnsQ+dqZ22C2r0qT0QZc4GnW0H1SEbU907VxrLKgWuwdWvxA6Dehv i+/PTKPEJ3Jk9mJB55LzsuGu8D80GCqmBTylzuDovKVpNKCnG4/4jA8GJvvg8k0G 4s7lDhVr/T/jI1VNdO/fAEGuRqw+LunwJ5EUMZeoORJUVW9zGTLNV9CwLtnpVoOs 4AICTlwybyk4KfkoI4ymSb7bjnXuR4Iar3Xx113FDGyZFLK0qtY=
=7Hn4
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, May 28, 2025 at 01:53:21PM +0200, Julien Plissonneau Duquène wrote: >Le 2025-05-27 20:30, Ahmad Khalifa a écrit :

they all have a Database data model (faster search/query)

Having some experience with databases, I'm not convinced that a RDBMS
(SQL) is a necessity here. Better indexing and caching would
definitely help though.

While it might be possible to carry on doing without, the data
fundamentally has many relational properties and an RDBMS would make
life a lot easier. I wish I'd known what I know now about PostgreSQL
when I was in my period of working on debbugs very actively; I would
100% have switched to it.

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, May 28, 2025 at 02:22:00PM +0000, Holger Levsen wrote:

Most of these I also very much agree with, however I doubt that *we* want
to hide e-mail addresses from public (unauthenticated) web browsing. In my book
the open development model of Debian is tied to the fact that we the developers
are responsible *and* reachable. Our users can see who made the distribution >they are using. That is a feature.

Developers _maybe_, but the BTS mostly doesn't distinguish between
developers and users (except for maintainer addresses). And at least
for users who've helped us out without realizing the consequences, it's arguably not exactly in the spirit of the GDPR, which I don't feel
comfortable with in this day and age.

I've also seen very very few complaints about the fact that the BTS shows >email addresses if submitters and contributors. And I'm definitly not aware >that we identified this as a problem!

owner@bugs gets complaints about this fairly often.

Also, I don't really see how to keep all the e-mail features it currently offers,
while hiding email addresses. I quite often look up email addresses in bugs >and contact people directly, definitly more than once per months.

One possibility would be for the BTS to offer a way to follow up
privately, similar to the NNNNN-submitter@ addresses. (This idea would obviously need refinement.)

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, May 29, 2025 at 01:40:33AM +0100, Colin Watson wrote:

I've also seen very very few complaints about the fact that the BTS shows email addresses if submitters and contributors. And I'm definitly not aware that we identified this as a problem!

owner@bugs gets complaints about this fairly often.

TIL, thanks.

(still, I think the answer to that should not be to hide email addresses
but something else, eg maybe asking new bts users if they are aware that there email address will become public and block their submissions until they agree...)


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Wenn der Faschismus wiederkehrt, werden Medien ihn pflichtbewusst als "umstritten" bezeichnen.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmg4IaoACgkQCRq4Vgaa qhxniA/+NJNh1Ge2iqO8XqdOuHLb3G1w+qsCk+eyeWJemmDiMiei+Iy7sWk0EiU7 f1W5WT4I8Nl3saKvmZt7QteC7Jvm+TXYUDdm7NdY1VkZFpiAXdUA8+3EFikl6awf VWaOiXcJSA9JiLsZ1fJwOenbxZiVcvb+KhrpuCDpxdsDWlgHqQXaLitGaI4mEh7Q /9gBw2ZT2HJcKUJS5VZoxmFuLlgap+qKcLkUKZArYZANzqD3C8GJ1oileN9ESZWg NYOq/CnLD8sUuB/nAQW8v8ymYdFLSC6NJsDAwBQvcuJshKXZ2eHKACy8ChMkurwC /N5XvIwtOe8KsLKCgfZVJGqWgrTMkBUu9DBBcfAxZ5d8KvJ0ApLV5H092Y+XPPvH /dRanusmoZPjOSqmbA+ZUeSp1qjufEurzkq819/yFzLsRigdGRI8bH6/fJ72fZwG m+kbkY28uqRdQr6p5E0uB1YQsIUnJTtINwJVh/P2UVWYPQNUHzbldejgj7iiNnpL 5WhAaBt8bpoSPSPudPuIhVHxSF3fiv5dcKztBgvZLzIPw62jWHLEW2eomx2mdq76 pfFpr1+EBBN2CyZXS

On Thu, May 29, 2025 at 01:30:58PM +0530, Pirate Praveen wrote:

I've also seen very very few complaints about the fact that the BTS shows email addresses if submitters and contributors. And I'm definitly not aware that we identified this as a problem!

It definitely attracts huge amounts of spam.

so does posting to lists.d.o and uploading packages. "you" also want to hide email addresses there? IMO that would be even worse than hiding email addresses in the BTS only.

the only way to fight spam is to fight spam. not to hide yourself.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

There are many ways to kill. You can stab someone in the guts, take their bread away, not heal someone from disease, put someone in a bad living space, work someone to death, drive them to suicide, lead someone to war etc. Only few of these are prohibited in our state." (Bertolt Brecht)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmg4IQsACgkQCRq4Vgaa qhwDTQ//fj5Mi4SU0H1na0B/eQEbPR0+sdxu9E2SO1xrPf1aIQzVqnHPvwyZy0h1 y6BlEZfh9aG5kx5SDgFcFI4E97m9QwP7ew1ortrMmDLpzj6kCMDVu+1mIdh31khF tF7aTDpE9gUh6PzcV7z06dUVd6bAA8geZPXjfZT1w1UZPFUaTdF1xn4qSMEi69da +fKi0k4/Hf/qRJShX07NutYHXEVOih/zGfmCjHB2GKTzb/b78/KEHZcGCGe2PtT9 7+Zc+D/0rI/AcHyJXiPD+2U8br3VqjUjtimctyQ59feGIQA1ZyZXASCAt0pKCGBW bEJjIUL0BByWMuF6MsNd1MW3JL1EGMK2dWvcp2UboRmJfvS39ztiMgT7J9TrRiX4 DIepj4naCenQJQN

Le 2025-05-29 02:43, Colin Watson a écrit :

While it might be possible to carry on doing without, the data
fundamentally has many relational properties and an RDBMS would make
life a lot easier. I wish I'd known what I know now about PostgreSQL
when I was in my period of working on debbugs very actively; I would
100% have switched to it.

That's valuable input, thank you.

Right now we have an implementation that is dated but mostly works so I
think that there is no need to rush a move. Working on it for a while
and experimenting with the real data in there will certainly help with
figuring out what could be done about the storage.

That data is somewhat transactional, moderately relational, also with
relations like bugs that are merged with bugs, block bugs, affect
packages which are dependencies of packages, are found in versions which
have versions as successors ... and SQL is not that great at recursivity
or working with graphs. Or handling large binary objects. Or doing
finely tunable full-text indexing and search. That's an implementation
detail anyway (well, maybe not right now, but that's how it should be
ideally).

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On May 29, Julien Plissonneau Duquène <sre4ever@free.fr> wrote:

Security measures should be proportional to the specific threat, and
we actually know that targeted malicious attacks to the BTS are not >>happening.

We know that they didn't happen so far. I would not be so sure about
the future.

There is always a trade-off between usability and security.
Of course we can add as many security features as you can think, but if
they are not needed then they only hinder normal work for no benefit.

Anyway there are backups, and incoming legitimate messages could be
replayed should such abuse occur, right?

Right.

--
ciao,
Marco

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCaDhHwgAKCRDLPsM64d7X ge4zAQC2zE3cRFhBiKO5NY7GyzkUWC2Pni6vW/a8INJCykDsIgEAnTKXHA2H9Nbl Fu8ocinSvQrs/VC8PV0drWRJnohWjwE=
=zkDW
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu May 29, 2025 at 9:58 AM BST, Holger Levsen wrote:

(still, I think the answer to that should not be to hide email
addresses but something else, eg maybe asking new bts users if they
are aware that there email address will become public and block their submissions until they agree...)

But their contribution is the thing that's valuable to us, more so than
their email address.




--
Please do not CC me for listmail.

👱🏻 Jonathan Dowland
✎ jmtd@debian.org
🔗 https://jmtd.net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, May 29, 2025 at 01:03:56PM +0200, Julien Plissonneau Duquène wrote: >Right now we have an implementation that is dated but mostly works so

I think that there is no need to rush a move. Working on it for a
while and experimenting with the real data in there will certainly
help with figuring out what could be done about the storage.

That data is somewhat transactional, moderately relational, also with >relations like bugs that are merged with bugs, block bugs, affect
packages which are dependencies of packages, are found in versions
which have versions as successors ... and SQL is not that great at >recursivity or working with graphs. Or handling large binary objects.
Or doing finely tunable full-text indexing and search.

People underestimate PostgreSQL: I've done all these things in it or
their very near equivalents, and it works very well in practice. Most
of them aren't even hard. You have to bend your brain a bit to handle recursion and graphs, but it's totally doable and usually far faster
than doing the equivalent on the application side. And even if you
don't bother tuning its dictionaries or similar, its full-text indexing
is a perfectly fine starting point - I doubt that debbugs would need
more than very minor tuning.

Admittedly for large binary objects I sometimes use some other kind of
storage. That's likely unnecessary for bug messages, but I could
imagine it being worthwhile for bug attachments. But honestly, the BTS
doesn't have enough data or a high enough rate of data change to really
be a problem; in my last job I ran a PostgreSQL database that was
something like six times the size of bugs.debian.org's entire data set,
even leaving aside its much bigger data store for large objects. At our
scale, we could just stuff bug attachments into bytea columns in a
separate table, maybe mark them "SET STORAGE EXTERNAL" for better
streaming support, give bug messages a one-to-many relationship to them,
and it'd be fine. Or we could even just start by storing the raw form
of each bug message in the DB and leaving it up to the application to
parse it for display purposes; that would be fine for what debbugs does
today, although a bit less ideal for future full-text search since
searches probably wouldn't want to match on most email headers.

(PostgreSQL limits bytea columns using TOAST to 1 GiB. The largest .log
file for any bug in bugs.debian.org is for #599476, which is about 204
MiB - and that's for the entire bug, with several video files as
attachments. So this isn't even close to being a limit of any concern.)

The BTS today has a bunch of difficult-to-follow workarounds that would completely evaporate if backed by a proper database, allowing much
higher performance and leaving more effort available for useful things.
While I don't want to put words in Don's mouth, from the fact that he
was working on a PostgreSQL port a while ago I infer that he probably
agrees with me on this.

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, May 29, 2025 at 01:15:23PM +0100, Jonathan Dowland wrote:

On Thu May 29, 2025 at 9:58 AM BST, Holger Levsen wrote:
But their contribution is the thing that's valuable to us, more so than
their email address.

no, it's the combination. we need to interact.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

If a monkey hoarded more bananas than it could eat, while most of the other monkeys starved, scientists would study that monkey to figure out what the
heck was wrong with it. When humans do it, we put them on the cover of Forbes.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmg4c/QACgkQCRq4Vgaa qhymcw/8C9a7sQYjotTlhsLDHwaoeMYqnpnmfDzoEpIMvkHQa8dMNg3JP+XKrPJu CMxek9Bep3+6HmvBaAkKCYN0gKiu+0unZd4SIexdUPMCE0t/wJl6frib5gCaGrm6 L/MDyCZF1RDEMNaj4YTA50hLCzmAH4Vf27FTN0uz+ce+VWmSwVScKwXVVkhSjn4g AYdaqlL6IvyB0cBTiPgmskYRwUYStHzpH0Cuiyo2JWEUJAKFTjeFIWarD546+eCs S84YGOD1Q2FRxy+gIFbGjWOBZhs+2akypESJT6BEpKGVwAMD43FwvibLDtbsmEEU NYVgT6IzyKuB4wYbRd1E7qQ/ugoqhezSue7Pgmu9HBlhEl7cMCmnu0Yi2EIeGlwW Bwn9wO3kVoITJv8r0TKYcD0VbbOhmORoFaHgCk0k0qTHNxX3eR+x/fTOr9MPC3Ai
M96MzMUlMVzzu

On Tue, May 27, 2025 at 06:46:29PM +0200, Julien Plissonneau Duqu�ne wrote:>

Unlike some people I believe that debbugs can be improved and modernized in
a satisfying way while retaining most if not all of its current interfaces. This would minimize breakage and inconvenience for developers that are mostly fine with the way it currently works.

Yes, i think that is the most realistic way.

I've been thinking for some time how to improve debbugs.
Partially in light of toying with the idea to make a full featured TUI
client for it(which i might never find the time for, but).

I'm considering getting my hands into that thing later this year, so let me try to summarize the relevant parts of the previous threads (with the intent of documenting this in a wiki page).

We would like debbugs to:
0. keep all the e-mail features it currently offers

This will be essential. Also keeping the existing path as is and adding new ways to interact allows experimenting with new sementics without breaking current usage.

1. process new requests and give feedback instantly

I think greylisting is a big factor here.

E-mail just isn't what is used to be any longer.
For non email frontends i think one important feature to consider is a way to submit change requests to debbugs without email.
Feeding a e-mail like text directly to debbugs in an authetificated way (say using a token obtainable from a salsa account) would allow for much faster feedback.

2. hide e-mail addresses from public (unauthenticated) web browsing

This seems problematic in the current state of debbugs as this likely breaks
a lot of use cases. Or forces everyone to be logged in, in some way.

The mailto: links are very valuable to work with existing bugs.
At least as debbugs doesn't work like mostly every other bugtracker by auto subscribing participants.

Consider moving that part to later in the timelime.

3. have a web UI that makes it possible to submit bugs, reply to bugs, manipulate bugs

This of course is the big new thing.
One part where i could see this loosing is reportbug integration, so maybe
one thing to consider would be to allow this to be triggered from reportbug
as well (i.e. have reportbug send the user on to the webinterface with a prefilled bugreport template instead of trying to submit via email as
option).

I wonder what semantics would be good for web based interactions.
The way debbugs currently works seems not like a good fit with what users expect from web based bug tracker interactions.
Or the email systems don't really like emails with From coming from
webservers that don't submit through the email providers submission path anymore.

Thus i wonder if the web interface wouldn't be a good chance to add a part to debbugs that aligns more with what works well today and matches now expected email privacy.

I assume the web interface will need authentification for changes/bug submission. Say using salsa (otherwiese replace salsa by something else
below).

Currently debbugs uses email adresses as identities. Maybe it should gain
salsa accounts as a new identity type (possibly by encoding them as special email adresses). Then all interactions triggered by salsa identities could be send from a fixed infrastructure address (somewhere in debian.org or debian.net?) with just the "display name" set to the salsa identity information.
Those would not be reachable directly by email, but instead would just be subscribed to the bug and receive updates from debbugs as subscribers and not by direct mail from users replying via the tradition email interface.
(This loose the easy way to take discussions private, there could be an
opt-in to still allow taking discussions private)

For the web based changes i think it would be worth to explore if the UI
could be based around use cases more than raw manipulation of fields.

i.e. have a flow for "the maintainer forgot to include a 'closes: '" instead
of just having a "fixed in version" field.

In a way the current state of things makes it more unlikely that fields are
set in a wrong way, because it hardish to learn how to set them in the
first place. When getting rid of that kind of barrier it might be good to consider getting solid UI flows that explain when some action is apropriate
to keep mistakes low.

Also as debbugs has some more complicated interactions it would be nice to
get a preview what the new state of a bug would be.

For alternate (external) frontends it would be nice to have that preview available as some kind of api.

4. have some GitLab (Salsa) integration

5. have better, restructured, simplified documentation with full examples

yes, please. I always struggle with the current documentation.

6. track merge requests.

Implementing 2. is likely to break habits and maybe some tools, as
currently there is no authentication at all on debbugs web UI and you can use it to view full headers, download mboxes and generate a working reply mailto: link. It also won't completely solve the privacy issue, as e-mail addresses can also be found in git repositories and mailing list archives. IMO it would be better to recommend using a dedicated e-mail address.

I think the way debian works it is currently not feasable to protect all
email adresses in all usages.

An interesting thing to think about is what happend if a bug ends up on a mailing list (e.g. Maintainer is a mailing list or a mailing list is CCed in later).

Having non email identities on debbugs would still allow these interactions
to work as long as the bug is also included in the replies to the mailling
list (which usually is the expected way).

I think emails in git and in mailling list is quite a differnt topic.

6. is not clear enough. What would we like debbugs to achieve, more precisely, here?

This sounds like a big topic.

One thing i really think the web based git repos do a lot better than the
email based workflows is giving context to patches.

Ideally (where enabled) patches in bug reports would be just another view to a merge requests on salsa. But of course that sounds very very hard.

BTW I don't think that Bugzilla, GitLab issues or even JIRA would be
suitable replacements for debbugs.

I would expect nothing widely used has enough flexibility to do such basic tasks as tracking migration of fixes. Also switching would need parallel
system or a flag day both which sound like nearly impossible.


- Martin Hostettler

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 27 May 2025, Otto Kekäläinen wrote:n

I would assume Debbugs might evolve without you having to personally
do all the improvements, if you allow improvements done by others
flow in. As an example, I have had https://salsa.debian.org/debbugs-team/debbugs/-/merge_requests/6
open for 4 years now.

That's not an MR that I'll apply, because the actual version that
debbugs runs is at https://bugs.debian.org/debbugs-source/debbugs/

Salsa isn't the actively running code for Debian, though it is a place
that we're using as upstream.

--
Don Armstrong https://www.donarmstrong.com

A kiss was mysterious and powerful, fragile and invincible. Like any
spark, a kiss might fizzle into nothing or consume an entire forest.
[...] A kiss could change the entire world.
-- Scott Westerfeld _The Killing of Worlds_ p336

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 29 May 2025, Colin Watson wrote:n

On Wed, May 28, 2025 at 02:22:00PM +0000, Holger Levsen wrote:

Also, I don't really see how to keep all the e-mail features it currently offers,
while hiding email addresses. I quite often look up email addresses in bugs and contact people directly, definitly more than once per months.

One possibility would be for the BTS to offer a way to follow up privately, similar to the NNNNN-submitter@ addresses. (This idea would obviously need refinement.)

My current thinking is to solve this (and DKIM) by rewriting the
senders of messages to something like:

Don Armstrong <user-530149da-b58b-4a3f-aaaf-ade435f4c26f@bugs.debian.org>

where messages to that address could potentially be forwarded to the
end user, possibly with people being able to opt-in or opt out of
e-mail forwarding at any time.

This would also handle some privacy requests by allowing people to
request that we remove their address, and we'd only retain their
UUIDv5.

--
Don Armstrong https://www.donarmstrong.com

"The trouble with you, Ibid" he said, "is that you think you're the
biggest bloody authority on everything"
-- Terry Pratchet _Pyramids_ p146

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Jun 01, 2025 at 10:04:53AM -0700, Don Armstrong wrote:

On Tue, 27 May 2025, Colin Watson wrote:n

In my view, an absolute prerequisite for all of this is moving from the current flat-file structure to a proper database; the current data structures just don't perform well enough to be usable as the foundation for
a modern web UI. Don has some branches on https://salsa.debian.org/debbugs-team/debbugs that make a start at switching
to PostgreSQL, and he can probably fill you in on more details.

Absolutely.

My personal goal is to replace the entire codebase with python+sqlalchemy+postgresql+fastapi, while keeping the flat file
system only for archiving the bug log (the .log files) for at least a significant period of time, but that bug log would be write only.

The code for this is about 25% there, but I've been working on it for
years now in my very limited Debian development time, so I don't have
a realistic timeline for completion.

Do you have some design documentation and/or a TODO list that others
could use to be able to contribute to this effort?

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmg85XsACgkQ/A2xu81G C96f9xAAjCT0qCR5wxpxb8OGhqqnYo32vmO68uXmYCrUj+ylDvXhKWniomSS8gJg DSCtm2tN31pgh1oFgSDeDn0HyMdblU6ZpKsThtlSbTluC9cd/LkLHKY3bafqSw6E unKdoUi7Pb7ijL93t6Zg/PK/4qfnJGWVpIUMM3Vp6D18VHgGFrent6J03B7HuimM jsUG//R1CJYdIYppzMhHli35t6vQyQPPz4jQfJfx6BqurV+tVeHHXbJlXN2+1cSH ZZAtyf6AFqm2J6ijuE6Gu2XZ/YMV6401xH/+1nNWiJ+6bsxKAZh0COXCig5y8WL0 wdMLpI572Xi/mvzyARVNpQZ48zxk++jNHi5WcBnsJ3060gjs81y4o/Dxt2Jkcdt0 6eIjkZ+JyHoSYNMTqz8luOlPvudWSja0sIInXnrQeXJmQhLsH6nEMkOdfkovXEN6 Q33o97FaLy/gNHEAqsjzcB9MOl5CFr8RNu72U9j+sQphNZLjXqegNTDJa0PojX5X R49OqmJrqNTtVTEWglBlnNxYJdbx5IV87AB+sYzN8HTAEsRXiJ6xd8akXarRbozD xB5xvTlPR/BT07LpYntAgafm/+6WlAs1pCp0DD6yFuIzyDbCe7YeUtVJFNW/u3fW NOuZmALPLIHe4bbK6zd8eFUD7jP6zCWfzAu3JoNOrvI7GOXuNec=
=Xpc6
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 01 Jun 2025, Antonio Terceiro wrote:n

On Sun, Jun 01, 2025 at 09:54:09AM -0700, Don Armstrong wrote:

On Tue, 27 May 2025, Otto Kekäläinen wrote:n

I would assume Debbugs might evolve without you having to personally
do all the improvements, if you allow improvements done by others
flow in. As an example, I have had https://salsa.debian.org/debbugs-team/debbugs/-/merge_requests/6
open for 4 years now.

That's not an MR that I'll apply, because the actual version that
debbugs runs is at https://bugs.debian.org/debbugs-source/debbugs/

FWIW the actual/working repository URL is https://bugs.debian.org/debbugs-source/debbugs.git

Sorry, I typoed. The above line should read https://bugs.debian.org/debbugs-source/debian/, which is a checked-out
version of the debian branch of https://bugs.debian.org/debbugs-source/debbugs.git

That said, we probably should point at the salsa repo too, since it's
way more friendly than a random directory.

--
Don Armstrong https://www.donarmstrong.com

We want 6. 6 is the 1.
-- "The Prisoner (2009 Miniseries)" _Checkmate_

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Jun 01, 2025 at 04:57:31PM -0700, Don Armstrong wrote:

On Sun, 01 Jun 2025, Antonio Terceiro wrote:n

On Sun, Jun 01, 2025 at 10:04:53AM -0700, Don Armstrong wrote:

My personal goal is to replace the entire codebase with python+sqlalchemy+postgresql+fastapi, while keeping the flat file
system only for archiving the bug log (the .log files) for at
least a significant period of time, but that bug log would be
write only.

The code for this is about 25% there, but I've been working on it
for years now in my very limited Debian development time, so I
don't have a realistic timeline for completion.

Do you have some design documentation and/or a TODO list that others
could use to be able to contribute to this effort?

Not currently in a state that it would be useful for others to
contribute, but I'd be willing to get in front of that if there were
others who would be willing to commit to some amount of time (while
dealing with my limited availability.)

Yes, please do.

I believe that the need for improvements in debbugs has been a recurring
topic in several Debian forums. I myself started trying to setup a local debbugs instance a couple of times; in this thread at least another
person said they would look into it.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmg9sTMACgkQ/A2xu81G C94WfRAAtKVt3EM4z2xtVcvb0FXO2Nvpi7EXNw3ZuxUDGAGkr0o+FRAzm4nazSU6 qyg9lHk3BieNMfZzrWbM4EeLQhuWkzQAo5TgiayJLWZZ3tJBlgTS5eEnyioPrxVS RaxXfXfQPtrrhEzdQyan5qzW7YcWMEtVXism0La+iOUmY9Nrperlcy++vGQZE+LO EXEGdV4RgYM2enhv8YGbDGMKjmVqHY6tycHaSTgkJEC0UUowWH4DSTQBmo08alWv +ssqfSx0U2LbKbUHNh8HfidZMSpvozrDYRvqH9tKzh7yjOVhmrhAl5tQFbEv0Wlt TFTvoBgIw8vip3x7QQ4i6qzxSER0Mj0n+38iG/LfETgG5D80iWF0fS2E08xzOCzF SC/w4Fk/1JFkzUtkMai0h0hmY+7CndElURWPEOLLRl9aQsQOF5TJ/thR63D+zQua UBu+BjXwZ6OlDFQQ/1uL28HnSlY8nz+MKeqothYXAshZSC9bt/JYotNMcSP+PMyU nfeWWTGkmZWA3ZUl5zTHPC3ainbY3AspsU6oGWtvouXMHGT9prN9e/cA21o53/GU zN5Ru0mTu9Z6bfBpcNhuzJG+GaCmfSgh+GjFB8aAMlvu3JP178xQxnlzeGCgTcex k4dTStByXI42InoXWQ3cJrrnwX4kiACVeR3lG3EYvhk3Eynxg24=
=CpCe
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)