--- /dev/null
+<Files globals.pl>
+deny from all
+</Files>
+<Files localconfig>
+deny from all
+</Files>
+allow from all
></DT
><DT
>2.1.2.14. <A
-HREF="#AEN343"
+HREF="#AEN347"
>Setting Up the MySQL Database</A
></DT
><DT
>2.1.2.15. <A
-HREF="#AEN379"
+HREF="#AEN383"
>Tweaking "localconfig"</A
></DT
><DT
>2.1.2.16. <A
-HREF="#AEN401"
->Setting Up Maintainers Manuall (Optional)</A
+HREF="#AEN410"
+>Setting Up Maintainers Manually (Optional)</A
></DT
><DT
>2.1.2.17. <A
-HREF="#AEN410"
+HREF="#AEN419"
>The Whining Cron (Optional)</A
></DT
><DT
>2.1.2.18. <A
-HREF="#AEN417"
+HREF="#AEN426"
>Bug Graphs (Optional)</A
></DT
><DT
>2.1.2.19. <A
-HREF="#AEN429"
+HREF="#AEN438"
>Securing MySQL</A
></DT
><DT
>2.1.2.20. <A
-HREF="#AEN495"
+HREF="#AEN504"
>Installation General Notes</A
></DT
></DL
></DT
><DT
>2-1. <A
-HREF="#AEN646"
+HREF="#AEN341"
+>Setting up bonsaitools symlink</A
+></DT
+><DT
+>2-2. <A
+HREF="#AEN403"
+>Running checksetup.pl as the web user</A
+></DT
+><DT
+>2-3. <A
+HREF="#AEN655"
>Removing encrypt() for Windows NT installations</A
></DT
><DT
>3-1. <A
-HREF="#AEN838"
+HREF="#AEN850"
>Creating some Components</A
></DT
><DT
>3-2. <A
-HREF="#AEN867"
+HREF="#AEN879"
>Common Use of Versions</A
></DT
><DT
>3-3. <A
-HREF="#AEN871"
+HREF="#AEN883"
>A Different Use of Versions</A
></DT
><DT
>3-4. <A
-HREF="#AEN899"
+HREF="#AEN911"
>Using SortKey with Target Milestone</A
></DT
><DT
>3-5. <A
-HREF="#AEN937"
+HREF="#AEN949"
>When to Use Group Security</A
></DT
><DT
>3-6. <A
-HREF="#AEN954"
+HREF="#AEN966"
>Creating a New Group</A
></DT
><DT
>4-1. <A
-HREF="#AEN1095"
+HREF="#AEN1112"
>Some Famous Software Versions</A
></DT
><DT
>4-2. <A
-HREF="#AEN1105"
+HREF="#AEN1122"
>Mozilla Webtools Components</A
></DT
><DT
>D-1. <A
-HREF="#AEN1963"
+HREF="#AEN1986"
>Using Setperl to set your perl path</A
></DT
><DT
>1. <A
-HREF="#AEN2145"
+HREF="#AEN2168"
>A Sample Product</A
></DT
></DL
><P
><B
>Tip: </B
-> HINT: If you symlink the bugzilla directory into your Apache's
+> If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the <Directory> entry
for the HTML root.
installation.
</P
><P
-> Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
- to the correct location of your perl executable (probably /usr/bin/perl).
+> Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl
+ for the correct location of your perl executable (probably /usr/bin/perl).
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
<DIV
+CLASS="EXAMPLE"
+><A
+NAME="AEN341"
+></A
+><P
+><B
+>Example 2-1. Setting up bonsaitools symlink</B
+></P
+><P
+> Here's how you set up the Perl symlink on Linux to make Bugzilla work.
+ Your mileage may vary; if you are running on Solaris, you probably need to subsitute
+ "/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems,
+ Perl may live in weird places like "/opt/perl". As root, run these commands:
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>bash# mkdir /usr/bonsaitools
+bash# mkdir /usr/bonsaitools/bin
+bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DIV
+>
+ <DIV
CLASS="TIP"
><BLOCKQUOTE
CLASS="TIP"
><HR><H3
CLASS="SECTION"
><A
-NAME="AEN343"
+NAME="AEN347"
>2.1.2.14. Setting Up the MySQL Database</A
></H3
><P
><HR><H3
CLASS="SECTION"
><A
-NAME="AEN379"
+NAME="AEN383"
>2.1.2.15. Tweaking "localconfig"</A
></H3
><P
><P
><B
>Note: </B
-> The second time you run checksetup.pl, it is recommended you be the same
- user as your web server runs under, and that you be sure you have set the
+> The second time you run checksetup.pl, you should become the
+ user your web server runs as, and that you ensure you have set the
"webservergroup" parameter in localconfig to match the web server's group
- name, if any. Under some systems, otherwise, checksetup.pl will goof up
- your file permissions and make them unreadable to your web server.
+ name, if any. I believe, for the next release of Bugzilla, this will
+ be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig
+ as well.
+ <DIV
+CLASS="EXAMPLE"
+><A
+NAME="AEN403"
+></A
+><P
+><B
+>Example 2-2. Running checksetup.pl as the web user</B
+></P
+><P
+> Assuming your web server runs as user "apache", and Bugzilla is installed in
+ "/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user.
+ As root, for the <EM
+>second run</EM
+> of checksetup.pl, do this:
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>bash# chown -R apache:apache /usr/local/bugzilla
+bash# su - apache
+bash# cd /usr/local/bugzilla
+bash# ./checksetup.pl
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DIV
+>
</P
></BLOCKQUOTE
></DIV
><HR><H3
CLASS="SECTION"
><A
-NAME="AEN401"
->2.1.2.16. Setting Up Maintainers Manuall (Optional)</A
+NAME="AEN410"
+>2.1.2.16. Setting Up Maintainers Manually (Optional)</A
></H3
><P
> If you want to add someone else to every group by hand, you can do it
><HR><H3
CLASS="SECTION"
><A
-NAME="AEN410"
+NAME="AEN419"
>2.1.2.17. The Whining Cron (Optional)</A
></H3
><P
><HR><H3
CLASS="SECTION"
><A
-NAME="AEN417"
+NAME="AEN426"
>2.1.2.18. Bug Graphs (Optional)</A
></H3
><P
><HR><H3
CLASS="SECTION"
><A
-NAME="AEN429"
+NAME="AEN438"
>2.1.2.19. Securing MySQL</A
></H3
><P
><HR><H3
CLASS="SECTION"
><A
-NAME="AEN495"
+NAME="AEN504"
>2.1.2.20. Installation General Notes</A
></H3
><DIV
><H4
CLASS="SECTION"
><A
-NAME="AEN497"
+NAME="AEN506"
>2.1.2.20.1. Modifying Your Running System</A
></H4
><P
><HR><H4
CLASS="SECTION"
><A
-NAME="AEN502"
+NAME="AEN511"
>2.1.2.20.2. Upgrading From Previous Versions</A
></H4
><P
><HR><H4
CLASS="SECTION"
><A
-NAME="AEN505"
+NAME="AEN514"
>2.1.2.20.3. UNIX Installation Instructions History</A
></H4
><P
>Tip: </B
> From Andrew Pearson:
<A
-NAME="AEN624"
+NAME="AEN633"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
>Tip: </B
>"Brian" had this to add, about upgrading to Bugzilla 2.12 from previous versions:</P
><A
-NAME="AEN634"
+NAME="AEN643"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN646"
+NAME="AEN655"
></A
><P
><B
->Example 2-1. Removing encrypt() for Windows NT installations</B
+>Example 2-3. Removing encrypt() for Windows NT installations</B
></P
><P
> Replace this:
></BLOCKQUOTE
></BLOCKQUOTE
></DIV
+><DIV
+CLASS="TIP"
+><BLOCKQUOTE
+CLASS="TIP"
+><P
+><B
+>Tip: </B
+> This was some late breaking information from Jan Evert. Sorry for the lack of formatting.
+ </P
+><P
+CLASS="LITERALLAYOUT"
+>I'm busy installing bugzilla on a WinNT machine and I thought I'd notify you<br>
+at this moment of the commments I have to section 2.2.1 of the bugzilla<br>
+guide (at http://www.trilobyte.net/barnsons/html/).<br>
+<br>
+Step 1:<br>
+I've used apache, installation is really straightforward.<br>
+After reading the Unix installation instructions, I found that it is<br>
+necessary to add the ExecCGI option to the bugzilla directory. Also the<br>
+'AddHandler' line for .cgi is by default commented out.<br>
+<br>
+Step 3: although just a detail, 'ppm install <module%gt;' will also work<br>
+(wihtout .ppd). And, it can also download these automatically from<br>
+ActiveState.<br>
+<br>
+Step 4: although I have cygwin installed, it seems that it is not necessary.<br>
+On my machine cygwin is not in the PATH and everything seems to work as<br>
+expected.<br>
+However, I've not used everything yet.<br>
+<br>
+Step 6: the 'bugs_password' given in SQL command d needs to be edited into<br>
+localconfig later on (Step 7) if the password is not empty. I've also edited<br>
+it into globals.pl, but I'm not sure that is needed. In both places, the<br>
+variable is named db_pass.<br>
+<br>
+Step 8: all the sendmail replacements mentioned are not as simple as<br>
+described there. Since I am not familiar (yet) with perl, I don't have any<br>
+mail working yet.<br>
+<br>
+Step 9: in globals.pl the encrypt() call can be replaced by just the<br>
+unencrypted password. In CGI.pl, the complete SQL command can be removed.<br>
+<br>
+Step 11: I've only changed the #! lines in *.cgi. I haven't noticed problems<br>
+with the system() call yet.<br>
+There seem to be only four system() called programs: processmail.pl (handled<br>
+by step 10), syncshadowdb (which should probably get the same treatment as<br>
+processmail.pl), diff and mysqldump. The last one is only needed with the<br>
+shadowdb feature (which I don't use).<br>
+<br>
+There seems to be one step missing: copying the bugzilla files somehwere<br>
+that apache can serve them.<br>
+<br>
+Just noticed the updated guide... Brian's comment is new. His first comment<br>
+will work, but opens up a huge security hole.<br>
+ </P
+></BLOCKQUOTE
+></DIV
></DIV
></DIV
></DIV
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN838"
+NAME="AEN850"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN840"
+NAME="AEN852"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN867"
+NAME="AEN879"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN869"
+NAME="AEN881"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN871"
+NAME="AEN883"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN873"
+NAME="AEN885"
></A
><P
></P
><DIV
CLASS="EXAMPLE"
><A
-NAME="AEN899"
+NAME="AEN911"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN901"
+NAME="AEN913"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN937"
+NAME="AEN949"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN939"
+NAME="AEN951"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN954"
+NAME="AEN966"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN956"
+NAME="AEN968"
></A
><P
></P
><LI
><P
> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
- $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig and
+ $BUGZILLA_HOME/globals.pl files.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ of a criminal, while the "globals.pl" stores some default information regarding your
+ installation which could aid a system cracker.
+ In addition, some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+> Bugzilla provides default .htaccess files to protect the most common Apache
+ installations. However, you should verify these are adequate according to the site-wide
+ security policy of your web server, and ensure that the .htaccess files are
+ allowed to "override" default permissions set in your Apache configuration files.
+ Covering Apache security is beyond the scope of this Guide; please consult the Apache
+ documentation for details.
+ </P
+><P
+> If you are using a web server that does not support the .htaccess control method,
+ <EM
+>you are at risk!</EM
+> After installing, check to see if you can
+ view the file "localconfig" in your web browser (ergo:
+ <A
+HREF="http://bugzilla.mozilla.org/localconfig"
+TARGET="_top"
+> http://bugzilla.mozilla.org/localconfig</A
+>. If you can read the contents of this
+ file, your web server has not secured your bugzilla directory properly and you
+ must fix this problem before deploying Bugzilla. If, however, it gives you a
+ "Forbidden" error, then it probably respects the .htaccess conventions and you
+ are good to go.
+ </P
+></BLOCKQUOTE
+></DIV
><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined
in <A
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN1095"
+NAME="AEN1112"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN1097"
+NAME="AEN1114"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN1105"
+NAME="AEN1122"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN1107"
+NAME="AEN1124"
></A
><P
></P
><DL
><DT
>A.1.1. <A
-HREF="#AEN1302"
+HREF="#AEN1319"
> Where can I find information about Bugzilla?</A
></DT
><DT
>A.1.2. <A
-HREF="#AEN1308"
+HREF="#AEN1325"
> What license is Bugzilla distributed under?
</A
></DT
><DT
>A.1.3. <A
-HREF="#AEN1314"
+HREF="#AEN1331"
> How do I get commercial support for Bugzilla?
</A
></DT
><DT
>A.1.4. <A
-HREF="#AEN1321"
+HREF="#AEN1338"
> What major companies or projects are currently using Bugzilla
for bug-tracking?
</A
></DT
><DT
>A.1.5. <A
-HREF="#AEN1346"
+HREF="#AEN1363"
> Who maintains Bugzilla?
</A
></DT
><DT
>A.1.6. <A
-HREF="#AEN1351"
+HREF="#AEN1368"
> How does Bugzilla stack up against other bug-tracking databases?
</A
></DT
><DT
>A.1.7. <A
-HREF="#AEN1358"
+HREF="#AEN1375"
> How do I change my user name in Bugzilla?
</A
></DT
><DT
>A.1.8. <A
-HREF="#AEN1363"
+HREF="#AEN1380"
> Why doesn't Bugzilla offer this or that feature or compatability
with this other tracking software?
</A
></DT
><DT
>A.1.9. <A
-HREF="#AEN1370"
+HREF="#AEN1387"
> Why MySQL? I'm interested in seeing Bugzilla run on
Oracle/Sybase/Msql/PostgreSQL/MSSQL?
</A
></DT
><DT
>A.1.10. <A
-HREF="#AEN1388"
+HREF="#AEN1405"
> Why do the scripts say "/usr/bonsaitools/bin/perl" instead of
"/usr/bin/perl" or something else?
</A
><DL
><DT
>A.2.1. <A
-HREF="#AEN1405"
+HREF="#AEN1422"
> What about Red Hat Bugzilla?
</A
></DT
><DT
>A.2.2. <A
-HREF="#AEN1413"
+HREF="#AEN1430"
> What are the primary benefits of Red Hat Bugzilla?
</A
></DT
><DT
>A.2.3. <A
-HREF="#AEN1441"
+HREF="#AEN1458"
> What's the current status of Red Hat Bugzilla?
</A
></DT
><DL
><DT
>A.3.1. <A
-HREF="#AEN1457"
+HREF="#AEN1474"
> What about Loki Bugzilla?
</A
></DT
><DT
>A.3.2. <A
-HREF="#AEN1464"
+HREF="#AEN1481"
> Who maintains Fenris (Loki Bugzilla) now?
</A
></DT
><DT
>A.3.3. <A
-HREF="#AEN1469"
+HREF="#AEN1486"
>
</A
></DT
><DL
><DT
>A.4.1. <A
-HREF="#AEN1477"
+HREF="#AEN1494"
> Is Bugzilla web-based or do you have to have specific software or
specific operating system on your machine?
</A
></DT
><DT
>A.4.2. <A
-HREF="#AEN1482"
+HREF="#AEN1499"
> Has anyone you know of already done any Bugzilla integration with
Perforce (SCM software)?
</A
></DT
><DT
>A.4.3. <A
-HREF="#AEN1487"
+HREF="#AEN1504"
> Does Bugzilla allow the user to track multiple projects?
</A
></DT
><DT
>A.4.4. <A
-HREF="#AEN1492"
+HREF="#AEN1509"
> If I am on many projects, and search for all bugs assigned to me, will
Bugzilla list them for me and allow me to sort by project, severity etc?
</A
></DT
><DT
>A.4.5. <A
-HREF="#AEN1497"
+HREF="#AEN1514"
> Does Bugzilla allow attachments (text, screenshots, urls etc)? If yes,
are there any that are NOT allowed?
</A
></DT
><DT
>A.4.6. <A
-HREF="#AEN1502"
+HREF="#AEN1519"
> Does Bugzilla allow us to define our own priorities and levels? Do we
have complete freedom to change the labels of fields and format of them, and
the choice of acceptable values?
></DT
><DT
>A.4.7. <A
-HREF="#AEN1507"
+HREF="#AEN1524"
+> The index.html page doesn't show the footer. It's really annoying to have
+ to go to the querypage just to check my "my bugs" link. How do I get a footer
+ on static HTML pages?
+ </A
+></DT
+><DT
+>A.4.8. <A
+HREF="#AEN1530"
> Does Bugzilla provide any reporting features, metrics, graphs, etc? You
know, the type of stuff that management likes to see. :)
</A
></DT
><DT
-HREF="#AEN1515"
+HREF="#AEN1538"
> Is there email notification and if so, what do you see when you get an
email? Do you see bug number and title or is it only the number?
</A
></DT
><DT
-HREF="#AEN1520"
+HREF="#AEN1543"
> Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc?
</A
></DT
><DT
-HREF="#AEN1525"
+HREF="#AEN1548"
> If there is email notification, do users have to have any particular
type of email application?
</A
></DT
><DT
-HREF="#AEN1532"
+HREF="#AEN1555"
> If I just wanted to track certain bugs, as they go through life, can I
set it up to alert me via email whenever that bug changes, whether it be
owner, status or description etc.?
</A
></DT
><DT
-HREF="#AEN1537"
+HREF="#AEN1560"
> Does Bugzilla allow data to be imported and exported? If I had outsiders
write up a bug report using a MS Word bug template, could that template be
imported into "matching" fields? If I wanted to take the results of a query
</A
></DT
><DT
-HREF="#AEN1545"
+HREF="#AEN1568"
> Does Bugzilla allow fields to be added, changed or deleted? If I want to
customize the bug submission form to meet our needs, can I do that using our
terminology?
</A
></DT
><DT
-HREF="#AEN1550"
+HREF="#AEN1573"
> Has anyone converted Bugzilla to another language to be used in other
countries? Is it localizable?
</A
></DT
><DT
-HREF="#AEN1555"
+HREF="#AEN1578"
> Can a user create and save reports? Can they do this in Word format?
Excel format?
</A
></DT
><DT
-HREF="#AEN1560"
+HREF="#AEN1583"
> Can a user re-run a report with a new project, same query?
</A
></DT
><DT
-HREF="#AEN1565"
+HREF="#AEN1588"
> Can a user modify an existing report and then save it into another name?
</A
></DT
><DT
-HREF="#AEN1570"
+HREF="#AEN1593"
> Does Bugzilla have the ability to search by word, phrase, compound
search?
</A
></DT
><DT
-HREF="#AEN1575"
+HREF="#AEN1598"
> Can the admin person establish separate group and individual user
privileges?
</A
></DT
><DT
-HREF="#AEN1580"
+HREF="#AEN1603"
> Does Bugzilla provide record locking when there is simultaneous access
to the same bug? Does the second person get a notice that the bug is in use
or how are they notified?
</A
></DT
><DT
-HREF="#AEN1585"
+HREF="#AEN1608"
> Are there any backup features provided?
</A
></DT
><DT
-HREF="#AEN1591"
+HREF="#AEN1614"
> Can users be on the system while a backup is in progress?
</A
></DT
><DT
-HREF="#AEN1596"
+HREF="#AEN1619"
> What type of human resources are needed to be on staff to install and
maintain Bugzilla? Specifically, what type of skills does the person need to
have? I need to find out if we were to go with Bugzilla, what types of
</A
></DT
><DT
-HREF="#AEN1603"
+HREF="#AEN1626"
> What time frame are we looking at if we decide to hire people to install
and maintain the Bugzilla? Is this something that takes hours or weeks to
install and a couple of hours per week to maintain and customize or is this
</A
></DT
><DT
-HREF="#AEN1608"
+HREF="#AEN1631"
> Is there any licensing fee or other fees for using Bugzilla? Any
out-of-pocket cost other than the bodies needed as identified above?
</A
><DL
><DT
>A.5.1. <A
-HREF="#AEN1615"
+HREF="#AEN1638"
> How do I download and install Bugzilla?
</A
></DT
><DT
>A.5.2. <A
-HREF="#AEN1621"
+HREF="#AEN1644"
> How do I install Bugzilla on Windows NT?
</A
></DT
><DT
>A.5.3. <A
-HREF="#AEN1626"
+HREF="#AEN1649"
> Is there an easy way to change the Bugzilla cookie name?
</A
></DT
><DL
><DT
>A.6.1. <A
-HREF="#AEN1633"
+HREF="#AEN1656"
> How do I completely disable MySQL security if it's giving me problems
(I've followed the instructions in the README!)?
</A
></DT
><DT
>A.6.2. <A
-HREF="#AEN1639"
+HREF="#AEN1662"
> Are there any security problems with Bugzilla?
</A
></DT
><DT
>A.6.3. <A
-HREF="#AEN1644"
+HREF="#AEN1667"
> I've implemented the security fixes mentioned in Chris Yeh's security
advisory of 5/10/2000 advising not to run MySQL as root, and am running into
problems with MySQL no longer working correctly.
><DL
><DT
>A.7.1. <A
-HREF="#AEN1651"
+HREF="#AEN1674"
> I have a user who doesn't want to receive any more email from Bugzilla.
How do I stop it entirely for this user?
</A
></DT
><DT
>A.7.2. <A
-HREF="#AEN1656"
+HREF="#AEN1679"
> I'm evaluating/testing Bugzilla, and don't want it to send email to
anyone but me. How do I do it?
</A
></DT
><DT
>A.7.3. <A
-HREF="#AEN1661"
+HREF="#AEN1684"
> I want whineatnews.pl to whine at something more, or other than, only new
bugs. How do I do it?
</A
></DT
><DT
>A.7.4. <A
-HREF="#AEN1667"
+HREF="#AEN1690"
> I don't like/want to use Procmail to hand mail off to bug_email.pl.
What alternatives do I have?
</A
></DT
><DT
>A.7.5. <A
-HREF="#AEN1674"
+HREF="#AEN1697"
> How do I set up the email interface to submit/change bugs via email?
</A
></DT
><DT
>A.7.6. <A
-HREF="#AEN1679"
+HREF="#AEN1702"
> Email takes FOREVER to reach me from bugzilla -- it's extremely slow.
What gives?
</A
></DT
><DT
>A.7.7. <A
-HREF="#AEN1686"
+HREF="#AEN1709"
> How come email never reaches me from bugzilla changes?
</A
></DT
><DL
><DT
>A.8.1. <A
-HREF="#AEN1694"
+HREF="#AEN1717"
> I've heard Bugzilla can be used with Oracle?
</A
></DT
><DT
>A.8.2. <A
-HREF="#AEN1699"
+HREF="#AEN1722"
> Bugs are missing from queries, but exist in the database (and I can pull
them up by specifying the bug ID). What's wrong?
</A
></DT
><DT
>A.8.3. <A
-HREF="#AEN1704"
+HREF="#AEN1727"
> I think my database might be corrupted, or contain invalid entries. What
do I do?
</A
></DT
><DT
>A.8.4. <A
-HREF="#AEN1709"
+HREF="#AEN1732"
> I want to manually edit some entries in my database. How?
</A
></DT
><DT
>A.8.5. <A
-HREF="#AEN1714"
+HREF="#AEN1737"
> I try to add myself as a user, but Bugzilla always tells me my password is wrong.
</A
></DT
><DT
>A.8.6. <A
-HREF="#AEN1719"
+HREF="#AEN1742"
> I think I've set up MySQL permissions correctly, but bugzilla still can't
connect.
</A
></DT
><DT
>A.8.7. <A
-HREF="#AEN1724"
+HREF="#AEN1747"
> How do I synchronize bug information among multiple different Bugzilla
databases?
</A
></DT
><DT
>A.8.8. <A
-HREF="#AEN1731"
+HREF="#AEN1754"
> Why do I get bizarre errors when trying to submit data, particularly problems
with "groupset"?
</A
></DT
><DT
>A.8.9. <A
-HREF="#AEN1736"
+HREF="#AEN1759"
> How come even after I delete bugs, the long descriptions show up?
</A
></DT
><DL
><DT
>A.9.1. <A
-HREF="#AEN1743"
+HREF="#AEN1766"
> What is the easiest way to run Bugzilla on Win32 (Win98+/NT/2K)?
</A
></DT
><DT
>A.9.2. <A
-HREF="#AEN1748"
+HREF="#AEN1771"
> Is there a "Bundle::Bugzilla" equivalent for Win32?
</A
></DT
><DT
>A.9.3. <A
-HREF="#AEN1753"
+HREF="#AEN1776"
> CGI's are failing with a "something.cgi is not a valid Windows NT
application" error. Why?
</A
></DT
><DT
>A.9.4. <A
-HREF="#AEN1761"
+HREF="#AEN1784"
> Can I have some general instructions on how to make Bugzilla on Win32 work?
</A
></DT
><DT
>A.9.5. <A
-HREF="#AEN1767"
+HREF="#AEN1790"
> I'm having trouble with the perl modules for NT not being able to talk to
to the database.
</A
><DL
><DT
>A.10.1. <A
-HREF="#AEN1788"
+HREF="#AEN1811"
> The query page is very confusing. Isn't there a simpler way to query?
</A
></DT
><DT
>A.10.2. <A
-HREF="#AEN1794"
+HREF="#AEN1817"
> I'm confused by the behavior of the "accept" button in the Show Bug form.
Why doesn't it assign the bug to me when I accept it?
</A
></DT
><DT
>A.10.3. <A
-HREF="#AEN1804"
+HREF="#AEN1827"
> I can't upload anything into the database via the "Create Attachment"
link. What am I doing wrong?
</A
></DT
><DT
>A.10.4. <A
-HREF="#AEN1809"
+HREF="#AEN1832"
> Email submissions to Bugzilla that have attachments end up asking me to
save it as a "cgi" file.
</A
></DT
><DT
>A.10.5. <A
-HREF="#AEN1814"
+HREF="#AEN1837"
> How do I change a keyword in Bugzilla, once some bugs are using it?
</A
></DT
><DL
><DT
>A.11.1. <A
-HREF="#AEN1821"
+HREF="#AEN1844"
> What bugs are in Bugzilla right now?
</A
></DT
><DT
>A.11.2. <A
-HREF="#AEN1830"
+HREF="#AEN1853"
> How can I change the default priority to a null value? For instance, have the default
priority be "---" instead of "P2"?
</A
></DT
><DT
>A.11.3. <A
-HREF="#AEN1836"
+HREF="#AEN1859"
> What's the best way to submit patches? What guidelines should I follow?
</A
></DT
CLASS="QUESTION"
><P
><A
-NAME="AEN1302"
+NAME="AEN1319"
></A
><B
>A.1.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1308"
+NAME="AEN1325"
></A
><B
>A.1.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1314"
+NAME="AEN1331"
></A
><B
>A.1.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1321"
+NAME="AEN1338"
></A
><B
>A.1.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1346"
+NAME="AEN1363"
></A
><B
>A.1.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1351"
+NAME="AEN1368"
></A
><B
>A.1.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1358"
+NAME="AEN1375"
></A
><B
>A.1.7. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1363"
+NAME="AEN1380"
></A
><B
>A.1.8. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1370"
+NAME="AEN1387"
></A
><B
>A.1.9. </B
> </B
>Terry Weissman answers,
<A
-NAME="AEN1374"
+NAME="AEN1391"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1388"
+NAME="AEN1405"
></A
><B
>A.1.10. </B
><P
> Here's Terry Weissman's comment, for some historical context:
<A
-NAME="AEN1393"
+NAME="AEN1410"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1405"
+NAME="AEN1422"
></A
><B
>A.2.1. </B
><P
> Dave Lawrence, the original Red Hat Bugzilla maintainer, mentions:
<A
-NAME="AEN1410"
+NAME="AEN1427"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1413"
+NAME="AEN1430"
></A
><B
>A.2.2. </B
>Dave Lawrence</EM
>:
<A
-NAME="AEN1418"
+NAME="AEN1435"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1441"
+NAME="AEN1458"
></A
><B
>A.2.3. </B
>Dave Lawrence</EM
>:
<A
-NAME="AEN1448"
+NAME="AEN1465"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1457"
+NAME="AEN1474"
></A
><B
>A.3.1. </B
> Loki Games has a customized version of Bugzilla available at
http://fenris.lokigames.com. From that page,
<A
-NAME="AEN1461"
+NAME="AEN1478"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1464"
+NAME="AEN1481"
></A
><B
>A.3.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1469"
+NAME="AEN1486"
></A
><B
>A.3.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1477"
+NAME="AEN1494"
></A
><B
>A.4.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1482"
+NAME="AEN1499"
></A
><B
>A.4.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1487"
+NAME="AEN1504"
></A
><B
>A.4.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1492"
+NAME="AEN1509"
></A
><B
>A.4.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1497"
+NAME="AEN1514"
></A
><B
>A.4.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1502"
+NAME="AEN1519"
></A
><B
>A.4.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1507"
+NAME="AEN1524"
></A
><B
>A.4.7. </B
+> The index.html page doesn't show the footer. It's really annoying to have
+ to go to the querypage just to check my "my bugs" link. How do I get a footer
+ on static HTML pages?
+ </P
+></DIV
+><DIV
+CLASS="ANSWER"
+><P
+><B
+> </B
+> This was a late-breaking question for the Guide, so I just have to
+ quote the relevant newsgroup thread on it.
+ </P
+><P
+CLASS="LITERALLAYOUT"
+>> AFAIK, most sites (even if they have SSI enabled) won't have #exec cmd<br>
+> enabled. Perhaps what would be better is a #include virtual and a<br>
+> footer.cgi the basically has the "require 'CGI.pl' and PutFooter command.<br>
+><br>
+> Please note that under most configurations, this also requires naming<br>
+> the file from index.html to index.shtml (and making sure that it will<br>
+> still be reconized as an index). Personally, I think this is better on<br>
+> a per-installation basis (perhaps add something to the FAQ that says how<br>
+> to do this).<br>
+<br>
+Good point. Yeah, easy enough to do, that it shouldn't be a big deal for<br>
+someone to take it on if they want it. FAQ is a good place for it.<br>
+<br>
+> Dave Miller wrote:<br>
+><br>
+>> I did a little experimenting with getting the command menu and footer on<br>
+>> the end of the index page while leaving it as an HTML file...<br>
+>><br>
+>> I was successful. :)<br>
+>><br>
+>> I added this line:<br>
+>><br>
+>> <br>
+>><br>
+>> Just before the </BODY> </HTML> at the end of the file. And it worked.<br>
+>><br>
+>> Thought I'd toss that out there. Should I check this in? For those that<br>
+>> have SSI disabled, it'll act like a comment, so I wouldn't think it would<br>
+>> break anything.<br>
+ </P
+></DIV
+></DIV
+><DIV
+CLASS="QANDAENTRY"
+><DIV
+CLASS="QUESTION"
+><P
+><A
+NAME="AEN1530"
+></A
+><B
+>A.4.8. </B
> Does Bugzilla provide any reporting features, metrics, graphs, etc? You
know, the type of stuff that management likes to see. :)
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1515"
+NAME="AEN1538"
></A
><B
->A.4.8. </B
+>A.4.9. </B
> Is there email notification and if so, what do you see when you get an
email? Do you see bug number and title or is it only the number?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1520"
+NAME="AEN1543"
></A
><B
->A.4.9. </B
+>A.4.10. </B
> Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1525"
+NAME="AEN1548"
></A
><B
->A.4.10. </B
+>A.4.11. </B
> If there is email notification, do users have to have any particular
type of email application?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1532"
+NAME="AEN1555"
></A
><B
->A.4.11. </B
+>A.4.12. </B
> If I just wanted to track certain bugs, as they go through life, can I
set it up to alert me via email whenever that bug changes, whether it be
owner, status or description etc.?
CLASS="QUESTION"
><P
><A
-NAME="AEN1537"
+NAME="AEN1560"
></A
><B
->A.4.12. </B
+>A.4.13. </B
> Does Bugzilla allow data to be imported and exported? If I had outsiders
write up a bug report using a MS Word bug template, could that template be
imported into "matching" fields? If I wanted to take the results of a query
CLASS="QUESTION"
><P
><A
-NAME="AEN1545"
+NAME="AEN1568"
></A
><B
->A.4.13. </B
+>A.4.14. </B
> Does Bugzilla allow fields to be added, changed or deleted? If I want to
customize the bug submission form to meet our needs, can I do that using our
terminology?
CLASS="QUESTION"
><P
><A
-NAME="AEN1550"
+NAME="AEN1573"
></A
><B
->A.4.14. </B
+>A.4.15. </B
> Has anyone converted Bugzilla to another language to be used in other
countries? Is it localizable?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1555"
+NAME="AEN1578"
></A
><B
->A.4.15. </B
+>A.4.16. </B
> Can a user create and save reports? Can they do this in Word format?
Excel format?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1560"
+NAME="AEN1583"
></A
><B
->A.4.16. </B
+>A.4.17. </B
> Can a user re-run a report with a new project, same query?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1565"
+NAME="AEN1588"
></A
><B
->A.4.17. </B
+>A.4.18. </B
> Can a user modify an existing report and then save it into another name?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1570"
+NAME="AEN1593"
></A
><B
->A.4.18. </B
+>A.4.19. </B
> Does Bugzilla have the ability to search by word, phrase, compound
search?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1575"
+NAME="AEN1598"
></A
><B
->A.4.19. </B
+>A.4.20. </B
> Can the admin person establish separate group and individual user
privileges?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1580"
+NAME="AEN1603"
></A
><B
->A.4.20. </B
+>A.4.21. </B
> Does Bugzilla provide record locking when there is simultaneous access
to the same bug? Does the second person get a notice that the bug is in use
or how are they notified?
CLASS="QUESTION"
><P
><A
-NAME="AEN1585"
+NAME="AEN1608"
></A
><B
->A.4.21. </B
+>A.4.22. </B
> Are there any backup features provided?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1591"
+NAME="AEN1614"
></A
><B
->A.4.22. </B
+>A.4.23. </B
> Can users be on the system while a backup is in progress?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1596"
+NAME="AEN1619"
></A
><B
->A.4.23. </B
+>A.4.24. </B
> What type of human resources are needed to be on staff to install and
maintain Bugzilla? Specifically, what type of skills does the person need to
have? I need to find out if we were to go with Bugzilla, what types of
CLASS="QUESTION"
><P
><A
-NAME="AEN1603"
+NAME="AEN1626"
></A
><B
->A.4.24. </B
+>A.4.25. </B
> What time frame are we looking at if we decide to hire people to install
and maintain the Bugzilla? Is this something that takes hours or weeks to
install and a couple of hours per week to maintain and customize or is this
CLASS="QUESTION"
><P
><A
-NAME="AEN1608"
+NAME="AEN1631"
></A
><B
->A.4.25. </B
+>A.4.26. </B
> Is there any licensing fee or other fees for using Bugzilla? Any
out-of-pocket cost other than the bodies needed as identified above?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1615"
+NAME="AEN1638"
></A
><B
>A.5.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1621"
+NAME="AEN1644"
></A
><B
>A.5.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1626"
+NAME="AEN1649"
></A
><B
>A.5.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1633"
+NAME="AEN1656"
></A
><B
>A.6.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1639"
+NAME="AEN1662"
></A
><B
>A.6.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1644"
+NAME="AEN1667"
></A
><B
>A.6.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1651"
+NAME="AEN1674"
></A
><B
>A.7.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1656"
+NAME="AEN1679"
></A
><B
>A.7.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1661"
+NAME="AEN1684"
></A
><B
>A.7.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1667"
+NAME="AEN1690"
></A
><B
>A.7.4. </B
> You can call bug_email.pl directly from your aliases file, with
an entry like this:
<A
-NAME="AEN1671"
+NAME="AEN1694"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1674"
+NAME="AEN1697"
></A
><B
>A.7.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1679"
+NAME="AEN1702"
></A
><B
>A.7.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1686"
+NAME="AEN1709"
></A
><B
>A.7.7. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1694"
+NAME="AEN1717"
></A
><B
>A.8.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1699"
+NAME="AEN1722"
></A
><B
>A.8.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1704"
+NAME="AEN1727"
></A
><B
>A.8.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1709"
+NAME="AEN1732"
></A
><B
>A.8.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1714"
+NAME="AEN1737"
></A
><B
>A.8.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1719"
+NAME="AEN1742"
></A
><B
>A.8.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1724"
+NAME="AEN1747"
></A
><B
>A.8.7. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1731"
+NAME="AEN1754"
></A
><B
>A.8.8. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1736"
+NAME="AEN1759"
></A
><B
>A.8.9. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1743"
+NAME="AEN1766"
></A
><B
>A.9.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1748"
+NAME="AEN1771"
></A
><B
>A.9.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1753"
+NAME="AEN1776"
></A
><B
>A.9.3. </B
><P
> Microsoft has some advice on this matter, as well:
<A
-NAME="AEN1758"
+NAME="AEN1781"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1761"
+NAME="AEN1784"
></A
><B
>A.9.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1767"
+NAME="AEN1790"
></A
><B
>A.9.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1788"
+NAME="AEN1811"
></A
><B
>A.10.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1794"
+NAME="AEN1817"
></A
><B
>A.10.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1804"
+NAME="AEN1827"
></A
><B
>A.10.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1809"
+NAME="AEN1832"
></A
><B
>A.10.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1814"
+NAME="AEN1837"
></A
><B
>A.10.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1821"
+NAME="AEN1844"
></A
><B
>A.11.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1830"
+NAME="AEN1853"
></A
><B
>A.11.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1836"
+NAME="AEN1859"
></A
><B
>A.11.3. </B
database, as well as MySQL.
Here's what Dave Lawrence had to say about the status of Red Hat Bugzilla,
<A
-NAME="AEN1913"
+NAME="AEN1936"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN1963"
+NAME="AEN1986"
></A
><P
><B
><P
>Version 1.1, March 2000</P
><A
-NAME="AEN2019"
+NAME="AEN2042"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
a copy of the License in the document and put the following
copyright and license notices just after the title page:</P
><A
-NAME="AEN2109"
+NAME="AEN2132"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
><DIV
CLASS="EXAMPLE"
><A
-NAME="AEN2145"
+NAME="AEN2168"
></A
><P
><B
><DL
><DT
>A.1.1. <A
-HREF="faq.html#AEN1302"
+HREF="faq.html#AEN1319"
> Where can I find information about Bugzilla?</A
></DT
><DT
>A.1.2. <A
-HREF="faq.html#AEN1308"
+HREF="faq.html#AEN1325"
> What license is Bugzilla distributed under?
</A
></DT
><DT
>A.1.3. <A
-HREF="faq.html#AEN1314"
+HREF="faq.html#AEN1331"
> How do I get commercial support for Bugzilla?
</A
></DT
><DT
>A.1.4. <A
-HREF="faq.html#AEN1321"
+HREF="faq.html#AEN1338"
> What major companies or projects are currently using Bugzilla
for bug-tracking?
</A
></DT
><DT
>A.1.5. <A
-HREF="faq.html#AEN1346"
+HREF="faq.html#AEN1363"
> Who maintains Bugzilla?
</A
></DT
><DT
>A.1.6. <A
-HREF="faq.html#AEN1351"
+HREF="faq.html#AEN1368"
> How does Bugzilla stack up against other bug-tracking databases?
</A
></DT
><DT
>A.1.7. <A
-HREF="faq.html#AEN1358"
+HREF="faq.html#AEN1375"
> How do I change my user name in Bugzilla?
</A
></DT
><DT
>A.1.8. <A
-HREF="faq.html#AEN1363"
+HREF="faq.html#AEN1380"
> Why doesn't Bugzilla offer this or that feature or compatability
with this other tracking software?
</A
></DT
><DT
>A.1.9. <A
-HREF="faq.html#AEN1370"
+HREF="faq.html#AEN1387"
> Why MySQL? I'm interested in seeing Bugzilla run on
Oracle/Sybase/Msql/PostgreSQL/MSSQL?
</A
></DT
><DT
>A.1.10. <A
-HREF="faq.html#AEN1388"
+HREF="faq.html#AEN1405"
> Why do the scripts say "/usr/bonsaitools/bin/perl" instead of
"/usr/bin/perl" or something else?
</A
><DL
><DT
>A.2.1. <A
-HREF="faq.html#AEN1405"
+HREF="faq.html#AEN1422"
> What about Red Hat Bugzilla?
</A
></DT
><DT
>A.2.2. <A
-HREF="faq.html#AEN1413"
+HREF="faq.html#AEN1430"
> What are the primary benefits of Red Hat Bugzilla?
</A
></DT
><DT
>A.2.3. <A
-HREF="faq.html#AEN1441"
+HREF="faq.html#AEN1458"
> What's the current status of Red Hat Bugzilla?
</A
></DT
><DL
><DT
>A.3.1. <A
-HREF="faq.html#AEN1457"
+HREF="faq.html#AEN1474"
> What about Loki Bugzilla?
</A
></DT
><DT
>A.3.2. <A
-HREF="faq.html#AEN1464"
+HREF="faq.html#AEN1481"
> Who maintains Fenris (Loki Bugzilla) now?
</A
></DT
><DT
>A.3.3. <A
-HREF="faq.html#AEN1469"
+HREF="faq.html#AEN1486"
>
</A
></DT
><DL
><DT
>A.4.1. <A
-HREF="faq.html#AEN1477"
+HREF="faq.html#AEN1494"
> Is Bugzilla web-based or do you have to have specific software or
specific operating system on your machine?
</A
></DT
><DT
>A.4.2. <A
-HREF="faq.html#AEN1482"
+HREF="faq.html#AEN1499"
> Has anyone you know of already done any Bugzilla integration with
Perforce (SCM software)?
</A
></DT
><DT
>A.4.3. <A
-HREF="faq.html#AEN1487"
+HREF="faq.html#AEN1504"
> Does Bugzilla allow the user to track multiple projects?
</A
></DT
><DT
>A.4.4. <A
-HREF="faq.html#AEN1492"
+HREF="faq.html#AEN1509"
> If I am on many projects, and search for all bugs assigned to me, will
Bugzilla list them for me and allow me to sort by project, severity etc?
</A
></DT
><DT
>A.4.5. <A
-HREF="faq.html#AEN1497"
+HREF="faq.html#AEN1514"
> Does Bugzilla allow attachments (text, screenshots, urls etc)? If yes,
are there any that are NOT allowed?
</A
></DT
><DT
>A.4.6. <A
-HREF="faq.html#AEN1502"
+HREF="faq.html#AEN1519"
> Does Bugzilla allow us to define our own priorities and levels? Do we
have complete freedom to change the labels of fields and format of them, and
the choice of acceptable values?
></DT
><DT
>A.4.7. <A
-HREF="faq.html#AEN1507"
+HREF="faq.html#AEN1524"
+> The index.html page doesn't show the footer. It's really annoying to have
+ to go to the querypage just to check my "my bugs" link. How do I get a footer
+ on static HTML pages?
+ </A
+></DT
+><DT
+>A.4.8. <A
+HREF="faq.html#AEN1530"
> Does Bugzilla provide any reporting features, metrics, graphs, etc? You
know, the type of stuff that management likes to see. :)
</A
></DT
><DT
-HREF="faq.html#AEN1515"
+HREF="faq.html#AEN1538"
> Is there email notification and if so, what do you see when you get an
email? Do you see bug number and title or is it only the number?
</A
></DT
><DT
-HREF="faq.html#AEN1520"
+HREF="faq.html#AEN1543"
> Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc?
</A
></DT
><DT
-HREF="faq.html#AEN1525"
+HREF="faq.html#AEN1548"
> If there is email notification, do users have to have any particular
type of email application?
</A
></DT
><DT
-HREF="faq.html#AEN1532"
+HREF="faq.html#AEN1555"
> If I just wanted to track certain bugs, as they go through life, can I
set it up to alert me via email whenever that bug changes, whether it be
owner, status or description etc.?
</A
></DT
><DT
-HREF="faq.html#AEN1537"
+HREF="faq.html#AEN1560"
> Does Bugzilla allow data to be imported and exported? If I had outsiders
write up a bug report using a MS Word bug template, could that template be
imported into "matching" fields? If I wanted to take the results of a query
</A
></DT
><DT
-HREF="faq.html#AEN1545"
+HREF="faq.html#AEN1568"
> Does Bugzilla allow fields to be added, changed or deleted? If I want to
customize the bug submission form to meet our needs, can I do that using our
terminology?
</A
></DT
><DT
-HREF="faq.html#AEN1550"
+HREF="faq.html#AEN1573"
> Has anyone converted Bugzilla to another language to be used in other
countries? Is it localizable?
</A
></DT
><DT
-HREF="faq.html#AEN1555"
+HREF="faq.html#AEN1578"
> Can a user create and save reports? Can they do this in Word format?
Excel format?
</A
></DT
><DT
-HREF="faq.html#AEN1560"
+HREF="faq.html#AEN1583"
> Can a user re-run a report with a new project, same query?
</A
></DT
><DT
-HREF="faq.html#AEN1565"
+HREF="faq.html#AEN1588"
> Can a user modify an existing report and then save it into another name?
</A
></DT
><DT
-HREF="faq.html#AEN1570"
+HREF="faq.html#AEN1593"
> Does Bugzilla have the ability to search by word, phrase, compound
search?
</A
></DT
><DT
-HREF="faq.html#AEN1575"
+HREF="faq.html#AEN1598"
> Can the admin person establish separate group and individual user
privileges?
</A
></DT
><DT
-HREF="faq.html#AEN1580"
+HREF="faq.html#AEN1603"
> Does Bugzilla provide record locking when there is simultaneous access
to the same bug? Does the second person get a notice that the bug is in use
or how are they notified?
</A
></DT
><DT
-HREF="faq.html#AEN1585"
+HREF="faq.html#AEN1608"
> Are there any backup features provided?
</A
></DT
><DT
-HREF="faq.html#AEN1591"
+HREF="faq.html#AEN1614"
> Can users be on the system while a backup is in progress?
</A
></DT
><DT
-HREF="faq.html#AEN1596"
+HREF="faq.html#AEN1619"
> What type of human resources are needed to be on staff to install and
maintain Bugzilla? Specifically, what type of skills does the person need to
have? I need to find out if we were to go with Bugzilla, what types of
</A
></DT
><DT
-HREF="faq.html#AEN1603"
+HREF="faq.html#AEN1626"
> What time frame are we looking at if we decide to hire people to install
and maintain the Bugzilla? Is this something that takes hours or weeks to
install and a couple of hours per week to maintain and customize or is this
</A
></DT
><DT
-HREF="faq.html#AEN1608"
+HREF="faq.html#AEN1631"
> Is there any licensing fee or other fees for using Bugzilla? Any
out-of-pocket cost other than the bodies needed as identified above?
</A
><DL
><DT
>A.5.1. <A
-HREF="faq.html#AEN1615"
+HREF="faq.html#AEN1638"
> How do I download and install Bugzilla?
</A
></DT
><DT
>A.5.2. <A
-HREF="faq.html#AEN1621"
+HREF="faq.html#AEN1644"
> How do I install Bugzilla on Windows NT?
</A
></DT
><DT
>A.5.3. <A
-HREF="faq.html#AEN1626"
+HREF="faq.html#AEN1649"
> Is there an easy way to change the Bugzilla cookie name?
</A
></DT
><DL
><DT
>A.6.1. <A
-HREF="faq.html#AEN1633"
+HREF="faq.html#AEN1656"
> How do I completely disable MySQL security if it's giving me problems
(I've followed the instructions in the README!)?
</A
></DT
><DT
>A.6.2. <A
-HREF="faq.html#AEN1639"
+HREF="faq.html#AEN1662"
> Are there any security problems with Bugzilla?
</A
></DT
><DT
>A.6.3. <A
-HREF="faq.html#AEN1644"
+HREF="faq.html#AEN1667"
> I've implemented the security fixes mentioned in Chris Yeh's security
advisory of 5/10/2000 advising not to run MySQL as root, and am running into
problems with MySQL no longer working correctly.
><DL
><DT
>A.7.1. <A
-HREF="faq.html#AEN1651"
+HREF="faq.html#AEN1674"
> I have a user who doesn't want to receive any more email from Bugzilla.
How do I stop it entirely for this user?
</A
></DT
><DT
>A.7.2. <A
-HREF="faq.html#AEN1656"
+HREF="faq.html#AEN1679"
> I'm evaluating/testing Bugzilla, and don't want it to send email to
anyone but me. How do I do it?
</A
></DT
><DT
>A.7.3. <A
-HREF="faq.html#AEN1661"
+HREF="faq.html#AEN1684"
> I want whineatnews.pl to whine at something more, or other than, only new
bugs. How do I do it?
</A
></DT
><DT
>A.7.4. <A
-HREF="faq.html#AEN1667"
+HREF="faq.html#AEN1690"
> I don't like/want to use Procmail to hand mail off to bug_email.pl.
What alternatives do I have?
</A
></DT
><DT
>A.7.5. <A
-HREF="faq.html#AEN1674"
+HREF="faq.html#AEN1697"
> How do I set up the email interface to submit/change bugs via email?
</A
></DT
><DT
>A.7.6. <A
-HREF="faq.html#AEN1679"
+HREF="faq.html#AEN1702"
> Email takes FOREVER to reach me from bugzilla -- it's extremely slow.
What gives?
</A
></DT
><DT
>A.7.7. <A
-HREF="faq.html#AEN1686"
+HREF="faq.html#AEN1709"
> How come email never reaches me from bugzilla changes?
</A
></DT
><DL
><DT
>A.8.1. <A
-HREF="faq.html#AEN1694"
+HREF="faq.html#AEN1717"
> I've heard Bugzilla can be used with Oracle?
</A
></DT
><DT
>A.8.2. <A
-HREF="faq.html#AEN1699"
+HREF="faq.html#AEN1722"
> Bugs are missing from queries, but exist in the database (and I can pull
them up by specifying the bug ID). What's wrong?
</A
></DT
><DT
>A.8.3. <A
-HREF="faq.html#AEN1704"
+HREF="faq.html#AEN1727"
> I think my database might be corrupted, or contain invalid entries. What
do I do?
</A
></DT
><DT
>A.8.4. <A
-HREF="faq.html#AEN1709"
+HREF="faq.html#AEN1732"
> I want to manually edit some entries in my database. How?
</A
></DT
><DT
>A.8.5. <A
-HREF="faq.html#AEN1714"
+HREF="faq.html#AEN1737"
> I try to add myself as a user, but Bugzilla always tells me my password is wrong.
</A
></DT
><DT
>A.8.6. <A
-HREF="faq.html#AEN1719"
+HREF="faq.html#AEN1742"
> I think I've set up MySQL permissions correctly, but bugzilla still can't
connect.
</A
></DT
><DT
>A.8.7. <A
-HREF="faq.html#AEN1724"
+HREF="faq.html#AEN1747"
> How do I synchronize bug information among multiple different Bugzilla
databases?
</A
></DT
><DT
>A.8.8. <A
-HREF="faq.html#AEN1731"
+HREF="faq.html#AEN1754"
> Why do I get bizarre errors when trying to submit data, particularly problems
with "groupset"?
</A
></DT
><DT
>A.8.9. <A
-HREF="faq.html#AEN1736"
+HREF="faq.html#AEN1759"
> How come even after I delete bugs, the long descriptions show up?
</A
></DT
><DL
><DT
>A.9.1. <A
-HREF="faq.html#AEN1743"
+HREF="faq.html#AEN1766"
> What is the easiest way to run Bugzilla on Win32 (Win98+/NT/2K)?
</A
></DT
><DT
>A.9.2. <A
-HREF="faq.html#AEN1748"
+HREF="faq.html#AEN1771"
> Is there a "Bundle::Bugzilla" equivalent for Win32?
</A
></DT
><DT
>A.9.3. <A
-HREF="faq.html#AEN1753"
+HREF="faq.html#AEN1776"
> CGI's are failing with a "something.cgi is not a valid Windows NT
application" error. Why?
</A
></DT
><DT
>A.9.4. <A
-HREF="faq.html#AEN1761"
+HREF="faq.html#AEN1784"
> Can I have some general instructions on how to make Bugzilla on Win32 work?
</A
></DT
><DT
>A.9.5. <A
-HREF="faq.html#AEN1767"
+HREF="faq.html#AEN1790"
> I'm having trouble with the perl modules for NT not being able to talk to
to the database.
</A
><DL
><DT
>A.10.1. <A
-HREF="faq.html#AEN1788"
+HREF="faq.html#AEN1811"
> The query page is very confusing. Isn't there a simpler way to query?
</A
></DT
><DT
>A.10.2. <A
-HREF="faq.html#AEN1794"
+HREF="faq.html#AEN1817"
> I'm confused by the behavior of the "accept" button in the Show Bug form.
Why doesn't it assign the bug to me when I accept it?
</A
></DT
><DT
>A.10.3. <A
-HREF="faq.html#AEN1804"
+HREF="faq.html#AEN1827"
> I can't upload anything into the database via the "Create Attachment"
link. What am I doing wrong?
</A
></DT
><DT
>A.10.4. <A
-HREF="faq.html#AEN1809"
+HREF="faq.html#AEN1832"
> Email submissions to Bugzilla that have attachments end up asking me to
save it as a "cgi" file.
</A
></DT
><DT
>A.10.5. <A
-HREF="faq.html#AEN1814"
+HREF="faq.html#AEN1837"
> How do I change a keyword in Bugzilla, once some bugs are using it?
</A
></DT
><DL
><DT
>A.11.1. <A
-HREF="faq.html#AEN1821"
+HREF="faq.html#AEN1844"
> What bugs are in Bugzilla right now?
</A
></DT
><DT
>A.11.2. <A
-HREF="faq.html#AEN1830"
+HREF="faq.html#AEN1853"
> How can I change the default priority to a null value? For instance, have the default
priority be "---" instead of "P2"?
</A
></DT
><DT
>A.11.3. <A
-HREF="faq.html#AEN1836"
+HREF="faq.html#AEN1859"
> What's the best way to submit patches? What guidelines should I follow?
</A
></DT
CLASS="QUESTION"
><P
><A
-NAME="AEN1302"
+NAME="AEN1319"
></A
><B
>A.1.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1308"
+NAME="AEN1325"
></A
><B
>A.1.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1314"
+NAME="AEN1331"
></A
><B
>A.1.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1321"
+NAME="AEN1338"
></A
><B
>A.1.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1346"
+NAME="AEN1363"
></A
><B
>A.1.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1351"
+NAME="AEN1368"
></A
><B
>A.1.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1358"
+NAME="AEN1375"
></A
><B
>A.1.7. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1363"
+NAME="AEN1380"
></A
><B
>A.1.8. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1370"
+NAME="AEN1387"
></A
><B
>A.1.9. </B
> </B
>Terry Weissman answers,
<A
-NAME="AEN1374"
+NAME="AEN1391"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1388"
+NAME="AEN1405"
></A
><B
>A.1.10. </B
><P
> Here's Terry Weissman's comment, for some historical context:
<A
-NAME="AEN1393"
+NAME="AEN1410"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1405"
+NAME="AEN1422"
></A
><B
>A.2.1. </B
><P
> Dave Lawrence, the original Red Hat Bugzilla maintainer, mentions:
<A
-NAME="AEN1410"
+NAME="AEN1427"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1413"
+NAME="AEN1430"
></A
><B
>A.2.2. </B
>Dave Lawrence</EM
>:
<A
-NAME="AEN1418"
+NAME="AEN1435"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1441"
+NAME="AEN1458"
></A
><B
>A.2.3. </B
>Dave Lawrence</EM
>:
<A
-NAME="AEN1448"
+NAME="AEN1465"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1457"
+NAME="AEN1474"
></A
><B
>A.3.1. </B
> Loki Games has a customized version of Bugzilla available at
http://fenris.lokigames.com. From that page,
<A
-NAME="AEN1461"
+NAME="AEN1478"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1464"
+NAME="AEN1481"
></A
><B
>A.3.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1469"
+NAME="AEN1486"
></A
><B
>A.3.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1477"
+NAME="AEN1494"
></A
><B
>A.4.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1482"
+NAME="AEN1499"
></A
><B
>A.4.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1487"
+NAME="AEN1504"
></A
><B
>A.4.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1492"
+NAME="AEN1509"
></A
><B
>A.4.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1497"
+NAME="AEN1514"
></A
><B
>A.4.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1502"
+NAME="AEN1519"
></A
><B
>A.4.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1507"
+NAME="AEN1524"
></A
><B
>A.4.7. </B
+> The index.html page doesn't show the footer. It's really annoying to have
+ to go to the querypage just to check my "my bugs" link. How do I get a footer
+ on static HTML pages?
+ </P
+></DIV
+><DIV
+CLASS="ANSWER"
+><P
+><B
+> </B
+> This was a late-breaking question for the Guide, so I just have to
+ quote the relevant newsgroup thread on it.
+ </P
+><P
+CLASS="LITERALLAYOUT"
+>> AFAIK, most sites (even if they have SSI enabled) won't have #exec cmd<br>
+> enabled. Perhaps what would be better is a #include virtual and a<br>
+> footer.cgi the basically has the "require 'CGI.pl' and PutFooter command.<br>
+><br>
+> Please note that under most configurations, this also requires naming<br>
+> the file from index.html to index.shtml (and making sure that it will<br>
+> still be reconized as an index). Personally, I think this is better on<br>
+> a per-installation basis (perhaps add something to the FAQ that says how<br>
+> to do this).<br>
+<br>
+Good point. Yeah, easy enough to do, that it shouldn't be a big deal for<br>
+someone to take it on if they want it. FAQ is a good place for it.<br>
+<br>
+> Dave Miller wrote:<br>
+><br>
+>> I did a little experimenting with getting the command menu and footer on<br>
+>> the end of the index page while leaving it as an HTML file...<br>
+>><br>
+>> I was successful. :)<br>
+>><br>
+>> I added this line:<br>
+>><br>
+>> <br>
+>><br>
+>> Just before the </BODY> </HTML> at the end of the file. And it worked.<br>
+>><br>
+>> Thought I'd toss that out there. Should I check this in? For those that<br>
+>> have SSI disabled, it'll act like a comment, so I wouldn't think it would<br>
+>> break anything.<br>
+ </P
+></DIV
+></DIV
+><DIV
+CLASS="QANDAENTRY"
+><DIV
+CLASS="QUESTION"
+><P
+><A
+NAME="AEN1530"
+></A
+><B
+>A.4.8. </B
> Does Bugzilla provide any reporting features, metrics, graphs, etc? You
know, the type of stuff that management likes to see. :)
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1515"
+NAME="AEN1538"
></A
><B
->A.4.8. </B
+>A.4.9. </B
> Is there email notification and if so, what do you see when you get an
email? Do you see bug number and title or is it only the number?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1520"
+NAME="AEN1543"
></A
><B
->A.4.9. </B
+>A.4.10. </B
> Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1525"
+NAME="AEN1548"
></A
><B
->A.4.10. </B
+>A.4.11. </B
> If there is email notification, do users have to have any particular
type of email application?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1532"
+NAME="AEN1555"
></A
><B
->A.4.11. </B
+>A.4.12. </B
> If I just wanted to track certain bugs, as they go through life, can I
set it up to alert me via email whenever that bug changes, whether it be
owner, status or description etc.?
CLASS="QUESTION"
><P
><A
-NAME="AEN1537"
+NAME="AEN1560"
></A
><B
->A.4.12. </B
+>A.4.13. </B
> Does Bugzilla allow data to be imported and exported? If I had outsiders
write up a bug report using a MS Word bug template, could that template be
imported into "matching" fields? If I wanted to take the results of a query
CLASS="QUESTION"
><P
><A
-NAME="AEN1545"
+NAME="AEN1568"
></A
><B
->A.4.13. </B
+>A.4.14. </B
> Does Bugzilla allow fields to be added, changed or deleted? If I want to
customize the bug submission form to meet our needs, can I do that using our
terminology?
CLASS="QUESTION"
><P
><A
-NAME="AEN1550"
+NAME="AEN1573"
></A
><B
->A.4.14. </B
+>A.4.15. </B
> Has anyone converted Bugzilla to another language to be used in other
countries? Is it localizable?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1555"
+NAME="AEN1578"
></A
><B
->A.4.15. </B
+>A.4.16. </B
> Can a user create and save reports? Can they do this in Word format?
Excel format?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1560"
+NAME="AEN1583"
></A
><B
->A.4.16. </B
+>A.4.17. </B
> Can a user re-run a report with a new project, same query?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1565"
+NAME="AEN1588"
></A
><B
->A.4.17. </B
+>A.4.18. </B
> Can a user modify an existing report and then save it into another name?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1570"
+NAME="AEN1593"
></A
><B
->A.4.18. </B
+>A.4.19. </B
> Does Bugzilla have the ability to search by word, phrase, compound
search?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1575"
+NAME="AEN1598"
></A
><B
->A.4.19. </B
+>A.4.20. </B
> Can the admin person establish separate group and individual user
privileges?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1580"
+NAME="AEN1603"
></A
><B
->A.4.20. </B
+>A.4.21. </B
> Does Bugzilla provide record locking when there is simultaneous access
to the same bug? Does the second person get a notice that the bug is in use
or how are they notified?
CLASS="QUESTION"
><P
><A
-NAME="AEN1585"
+NAME="AEN1608"
></A
><B
->A.4.21. </B
+>A.4.22. </B
> Are there any backup features provided?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1591"
+NAME="AEN1614"
></A
><B
->A.4.22. </B
+>A.4.23. </B
> Can users be on the system while a backup is in progress?
</P
></DIV
CLASS="QUESTION"
><P
><A
-NAME="AEN1596"
+NAME="AEN1619"
></A
><B
->A.4.23. </B
+>A.4.24. </B
> What type of human resources are needed to be on staff to install and
maintain Bugzilla? Specifically, what type of skills does the person need to
have? I need to find out if we were to go with Bugzilla, what types of
CLASS="QUESTION"
><P
><A
-NAME="AEN1603"
+NAME="AEN1626"
></A
><B
->A.4.24. </B
+>A.4.25. </B
> What time frame are we looking at if we decide to hire people to install
and maintain the Bugzilla? Is this something that takes hours or weeks to
install and a couple of hours per week to maintain and customize or is this
CLASS="QUESTION"
><P
><A
-NAME="AEN1608"
+NAME="AEN1631"
></A
><B
->A.4.25. </B
+>A.4.26. </B
> Is there any licensing fee or other fees for using Bugzilla? Any
out-of-pocket cost other than the bodies needed as identified above?
</P
CLASS="QUESTION"
><P
><A
-NAME="AEN1615"
+NAME="AEN1638"
></A
><B
>A.5.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1621"
+NAME="AEN1644"
></A
><B
>A.5.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1626"
+NAME="AEN1649"
></A
><B
>A.5.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1633"
+NAME="AEN1656"
></A
><B
>A.6.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1639"
+NAME="AEN1662"
></A
><B
>A.6.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1644"
+NAME="AEN1667"
></A
><B
>A.6.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1651"
+NAME="AEN1674"
></A
><B
>A.7.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1656"
+NAME="AEN1679"
></A
><B
>A.7.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1661"
+NAME="AEN1684"
></A
><B
>A.7.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1667"
+NAME="AEN1690"
></A
><B
>A.7.4. </B
> You can call bug_email.pl directly from your aliases file, with
an entry like this:
<A
-NAME="AEN1671"
+NAME="AEN1694"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1674"
+NAME="AEN1697"
></A
><B
>A.7.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1679"
+NAME="AEN1702"
></A
><B
>A.7.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1686"
+NAME="AEN1709"
></A
><B
>A.7.7. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1694"
+NAME="AEN1717"
></A
><B
>A.8.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1699"
+NAME="AEN1722"
></A
><B
>A.8.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1704"
+NAME="AEN1727"
></A
><B
>A.8.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1709"
+NAME="AEN1732"
></A
><B
>A.8.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1714"
+NAME="AEN1737"
></A
><B
>A.8.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1719"
+NAME="AEN1742"
></A
><B
>A.8.6. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1724"
+NAME="AEN1747"
></A
><B
>A.8.7. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1731"
+NAME="AEN1754"
></A
><B
>A.8.8. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1736"
+NAME="AEN1759"
></A
><B
>A.8.9. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1743"
+NAME="AEN1766"
></A
><B
>A.9.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1748"
+NAME="AEN1771"
></A
><B
>A.9.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1753"
+NAME="AEN1776"
></A
><B
>A.9.3. </B
><P
> Microsoft has some advice on this matter, as well:
<A
-NAME="AEN1758"
+NAME="AEN1781"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
CLASS="QUESTION"
><P
><A
-NAME="AEN1761"
+NAME="AEN1784"
></A
><B
>A.9.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1767"
+NAME="AEN1790"
></A
><B
>A.9.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1788"
+NAME="AEN1811"
></A
><B
>A.10.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1794"
+NAME="AEN1817"
></A
><B
>A.10.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1804"
+NAME="AEN1827"
></A
><B
>A.10.3. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1809"
+NAME="AEN1832"
></A
><B
>A.10.4. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1814"
+NAME="AEN1837"
></A
><B
>A.10.5. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1821"
+NAME="AEN1844"
></A
><B
>A.11.1. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1830"
+NAME="AEN1853"
></A
><B
>A.11.2. </B
CLASS="QUESTION"
><P
><A
-NAME="AEN1836"
+NAME="AEN1859"
></A
><B
>A.11.3. </B
><P
>Version 1.1, March 2000</P
><A
-NAME="AEN2019"
+NAME="AEN2042"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
a copy of the License in the document and put the following
copyright and license notices just after the title page:</P
><A
-NAME="AEN2109"
+NAME="AEN2132"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
><DIV
CLASS="EXAMPLE"
><A
-NAME="AEN2145"
+NAME="AEN2168"
></A
><P
><B
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN1095"
+NAME="AEN1112"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN1097"
+NAME="AEN1114"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN1105"
+NAME="AEN1122"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN1107"
+NAME="AEN1124"
></A
><P
></P
></DT
><DT
>2.1.2.14. <A
-HREF="readme.unix.html#AEN343"
+HREF="readme.unix.html#AEN347"
>Setting Up the MySQL Database</A
></DT
><DT
>2.1.2.15. <A
-HREF="readme.unix.html#AEN379"
+HREF="readme.unix.html#AEN383"
>Tweaking "localconfig"</A
></DT
><DT
>2.1.2.16. <A
-HREF="readme.unix.html#AEN401"
->Setting Up Maintainers Manuall (Optional)</A
+HREF="readme.unix.html#AEN410"
+>Setting Up Maintainers Manually (Optional)</A
></DT
><DT
>2.1.2.17. <A
-HREF="readme.unix.html#AEN410"
+HREF="readme.unix.html#AEN419"
>The Whining Cron (Optional)</A
></DT
><DT
>2.1.2.18. <A
-HREF="readme.unix.html#AEN417"
+HREF="readme.unix.html#AEN426"
>Bug Graphs (Optional)</A
></DT
><DT
>2.1.2.19. <A
-HREF="readme.unix.html#AEN429"
+HREF="readme.unix.html#AEN438"
>Securing MySQL</A
></DT
><DT
>2.1.2.20. <A
-HREF="readme.unix.html#AEN495"
+HREF="readme.unix.html#AEN504"
>Installation General Notes</A
></DT
></DL
></DT
><DT
>2-1. <A
-HREF="readme.windows.html#AEN646"
+HREF="readme.unix.html#AEN341"
+>Setting up bonsaitools symlink</A
+></DT
+><DT
+>2-2. <A
+HREF="readme.unix.html#AEN403"
+>Running checksetup.pl as the web user</A
+></DT
+><DT
+>2-3. <A
+HREF="readme.windows.html#AEN655"
>Removing encrypt() for Windows NT installations</A
></DT
><DT
>3-1. <A
-HREF="programadmin.html#AEN838"
+HREF="programadmin.html#AEN850"
>Creating some Components</A
></DT
><DT
>3-2. <A
-HREF="programadmin.html#AEN867"
+HREF="programadmin.html#AEN879"
>Common Use of Versions</A
></DT
><DT
>3-3. <A
-HREF="programadmin.html#AEN871"
+HREF="programadmin.html#AEN883"
>A Different Use of Versions</A
></DT
><DT
>3-4. <A
-HREF="programadmin.html#AEN899"
+HREF="programadmin.html#AEN911"
>Using SortKey with Target Milestone</A
></DT
><DT
>3-5. <A
-HREF="programadmin.html#AEN937"
+HREF="programadmin.html#AEN949"
>When to Use Group Security</A
></DT
><DT
>3-6. <A
-HREF="programadmin.html#AEN954"
+HREF="programadmin.html#AEN966"
>Creating a New Group</A
></DT
><DT
>4-1. <A
-HREF="how.html#AEN1095"
+HREF="how.html#AEN1112"
>Some Famous Software Versions</A
></DT
><DT
>4-2. <A
-HREF="how.html#AEN1105"
+HREF="how.html#AEN1122"
>Mozilla Webtools Components</A
></DT
><DT
>D-1. <A
-HREF="setperl.html#AEN1963"
+HREF="setperl.html#AEN1986"
>Using Setperl to set your perl path</A
></DT
><DT
>1. <A
-HREF="glossary.html#AEN2145"
+HREF="glossary.html#AEN2168"
>A Sample Product</A
></DT
></DL
></DT
><DT
>2.1.2.14. <A
-HREF="readme.unix.html#AEN343"
+HREF="readme.unix.html#AEN347"
>Setting Up the MySQL Database</A
></DT
><DT
>2.1.2.15. <A
-HREF="readme.unix.html#AEN379"
+HREF="readme.unix.html#AEN383"
>Tweaking "localconfig"</A
></DT
><DT
>2.1.2.16. <A
-HREF="readme.unix.html#AEN401"
->Setting Up Maintainers Manuall (Optional)</A
+HREF="readme.unix.html#AEN410"
+>Setting Up Maintainers Manually (Optional)</A
></DT
><DT
>2.1.2.17. <A
-HREF="readme.unix.html#AEN410"
+HREF="readme.unix.html#AEN419"
>The Whining Cron (Optional)</A
></DT
><DT
>2.1.2.18. <A
-HREF="readme.unix.html#AEN417"
+HREF="readme.unix.html#AEN426"
>Bug Graphs (Optional)</A
></DT
><DT
>2.1.2.19. <A
-HREF="readme.unix.html#AEN429"
+HREF="readme.unix.html#AEN438"
>Securing MySQL</A
></DT
><DT
>2.1.2.20. <A
-HREF="readme.unix.html#AEN495"
+HREF="readme.unix.html#AEN504"
>Installation General Notes</A
></DT
><DD
><DL
><DT
>2.1.2.20.1. <A
-HREF="readme.unix.html#AEN497"
+HREF="readme.unix.html#AEN506"
>Modifying Your Running System</A
></DT
><DT
>2.1.2.20.2. <A
-HREF="readme.unix.html#AEN502"
+HREF="readme.unix.html#AEN511"
>Upgrading From Previous Versions</A
></DT
><DT
>2.1.2.20.3. <A
-HREF="readme.unix.html#AEN505"
+HREF="readme.unix.html#AEN514"
>UNIX Installation Instructions History</A
></DT
></DL
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN838"
+NAME="AEN850"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN840"
+NAME="AEN852"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN867"
+NAME="AEN879"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN869"
+NAME="AEN881"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN871"
+NAME="AEN883"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN873"
+NAME="AEN885"
></A
><P
></P
><DIV
CLASS="EXAMPLE"
><A
-NAME="AEN899"
+NAME="AEN911"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN901"
+NAME="AEN913"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN937"
+NAME="AEN949"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN939"
+NAME="AEN951"
></A
><P
></P
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN954"
+NAME="AEN966"
></A
><P
><B
><DIV
CLASS="INFORMALEXAMPLE"
><A
-NAME="AEN956"
+NAME="AEN968"
></A
><P
></P
><P
><B
>Tip: </B
-> HINT: If you symlink the bugzilla directory into your Apache's
+> If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the <Directory> entry
for the HTML root.
installation.
</P
><P
-> Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
- to the correct location of your perl executable (probably /usr/bin/perl).
+> Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl
+ for the correct location of your perl executable (probably /usr/bin/perl).
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
<DIV
+CLASS="EXAMPLE"
+><A
+NAME="AEN341"
+></A
+><P
+><B
+>Example 2-1. Setting up bonsaitools symlink</B
+></P
+><P
+> Here's how you set up the Perl symlink on Linux to make Bugzilla work.
+ Your mileage may vary; if you are running on Solaris, you probably need to subsitute
+ "/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems,
+ Perl may live in weird places like "/opt/perl". As root, run these commands:
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>bash# mkdir /usr/bonsaitools
+bash# mkdir /usr/bonsaitools/bin
+bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DIV
+>
+ <DIV
CLASS="TIP"
><BLOCKQUOTE
CLASS="TIP"
><H3
CLASS="SECTION"
><A
-NAME="AEN343"
+NAME="AEN347"
>2.1.2.14. Setting Up the MySQL Database</A
></H3
><P
><H3
CLASS="SECTION"
><A
-NAME="AEN379"
+NAME="AEN383"
>2.1.2.15. Tweaking "localconfig"</A
></H3
><P
><P
><B
>Note: </B
-> The second time you run checksetup.pl, it is recommended you be the same
- user as your web server runs under, and that you be sure you have set the
+> The second time you run checksetup.pl, you should become the
+ user your web server runs as, and that you ensure you have set the
"webservergroup" parameter in localconfig to match the web server's group
- name, if any. Under some systems, otherwise, checksetup.pl will goof up
- your file permissions and make them unreadable to your web server.
+ name, if any. I believe, for the next release of Bugzilla, this will
+ be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig
+ as well.
+ <DIV
+CLASS="EXAMPLE"
+><A
+NAME="AEN403"
+></A
+><P
+><B
+>Example 2-2. Running checksetup.pl as the web user</B
+></P
+><P
+> Assuming your web server runs as user "apache", and Bugzilla is installed in
+ "/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user.
+ As root, for the <EM
+>second run</EM
+> of checksetup.pl, do this:
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>bash# chown -R apache:apache /usr/local/bugzilla
+bash# su - apache
+bash# cd /usr/local/bugzilla
+bash# ./checksetup.pl
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DIV
+>
</P
></BLOCKQUOTE
></DIV
><H3
CLASS="SECTION"
><A
-NAME="AEN401"
->2.1.2.16. Setting Up Maintainers Manuall (Optional)</A
+NAME="AEN410"
+>2.1.2.16. Setting Up Maintainers Manually (Optional)</A
></H3
><P
> If you want to add someone else to every group by hand, you can do it
><H3
CLASS="SECTION"
><A
-NAME="AEN410"
+NAME="AEN419"
>2.1.2.17. The Whining Cron (Optional)</A
></H3
><P
><H3
CLASS="SECTION"
><A
-NAME="AEN417"
+NAME="AEN426"
>2.1.2.18. Bug Graphs (Optional)</A
></H3
><P
><H3
CLASS="SECTION"
><A
-NAME="AEN429"
+NAME="AEN438"
>2.1.2.19. Securing MySQL</A
></H3
><P
><H3
CLASS="SECTION"
><A
-NAME="AEN495"
+NAME="AEN504"
>2.1.2.20. Installation General Notes</A
></H3
><DIV
><H4
CLASS="SECTION"
><A
-NAME="AEN497"
+NAME="AEN506"
>2.1.2.20.1. Modifying Your Running System</A
></H4
><P
><H4
CLASS="SECTION"
><A
-NAME="AEN502"
+NAME="AEN511"
>2.1.2.20.2. Upgrading From Previous Versions</A
></H4
><P
><H4
CLASS="SECTION"
><A
-NAME="AEN505"
+NAME="AEN514"
>2.1.2.20.3. UNIX Installation Instructions History</A
></H4
><P
>Tip: </B
> From Andrew Pearson:
<A
-NAME="AEN624"
+NAME="AEN633"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
>Tip: </B
>"Brian" had this to add, about upgrading to Bugzilla 2.12 from previous versions:</P
><A
-NAME="AEN634"
+NAME="AEN643"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN646"
+NAME="AEN655"
></A
><P
><B
->Example 2-1. Removing encrypt() for Windows NT installations</B
+>Example 2-3. Removing encrypt() for Windows NT installations</B
></P
><P
> Replace this:
></BLOCKQUOTE
></BLOCKQUOTE
></DIV
+><DIV
+CLASS="TIP"
+><BLOCKQUOTE
+CLASS="TIP"
+><P
+><B
+>Tip: </B
+> This was some late breaking information from Jan Evert. Sorry for the lack of formatting.
+ </P
+><P
+CLASS="LITERALLAYOUT"
+>I'm busy installing bugzilla on a WinNT machine and I thought I'd notify you<br>
+at this moment of the commments I have to section 2.2.1 of the bugzilla<br>
+guide (at http://www.trilobyte.net/barnsons/html/).<br>
+<br>
+Step 1:<br>
+I've used apache, installation is really straightforward.<br>
+After reading the Unix installation instructions, I found that it is<br>
+necessary to add the ExecCGI option to the bugzilla directory. Also the<br>
+'AddHandler' line for .cgi is by default commented out.<br>
+<br>
+Step 3: although just a detail, 'ppm install <module%gt;' will also work<br>
+(wihtout .ppd). And, it can also download these automatically from<br>
+ActiveState.<br>
+<br>
+Step 4: although I have cygwin installed, it seems that it is not necessary.<br>
+On my machine cygwin is not in the PATH and everything seems to work as<br>
+expected.<br>
+However, I've not used everything yet.<br>
+<br>
+Step 6: the 'bugs_password' given in SQL command d needs to be edited into<br>
+localconfig later on (Step 7) if the password is not empty. I've also edited<br>
+it into globals.pl, but I'm not sure that is needed. In both places, the<br>
+variable is named db_pass.<br>
+<br>
+Step 8: all the sendmail replacements mentioned are not as simple as<br>
+described there. Since I am not familiar (yet) with perl, I don't have any<br>
+mail working yet.<br>
+<br>
+Step 9: in globals.pl the encrypt() call can be replaced by just the<br>
+unencrypted password. In CGI.pl, the complete SQL command can be removed.<br>
+<br>
+Step 11: I've only changed the #! lines in *.cgi. I haven't noticed problems<br>
+with the system() call yet.<br>
+There seem to be only four system() called programs: processmail.pl (handled<br>
+by step 10), syncshadowdb (which should probably get the same treatment as<br>
+processmail.pl), diff and mysqldump. The last one is only needed with the<br>
+shadowdb feature (which I don't use).<br>
+<br>
+There seems to be one step missing: copying the bugzilla files somehwere<br>
+that apache can serve them.<br>
+<br>
+Just noticed the updated guide... Brian's comment is new. His first comment<br>
+will work, but opens up a huge security hole.<br>
+ </P
+></BLOCKQUOTE
+></DIV
></DIV
></DIV
><DIV
database, as well as MySQL.
Here's what Dave Lawrence had to say about the status of Red Hat Bugzilla,
<A
-NAME="AEN1913"
+NAME="AEN1936"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
><LI
><P
> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
- $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig and
+ $BUGZILLA_HOME/globals.pl files.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ of a criminal, while the "globals.pl" stores some default information regarding your
+ installation which could aid a system cracker.
+ In addition, some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+> Bugzilla provides default .htaccess files to protect the most common Apache
+ installations. However, you should verify these are adequate according to the site-wide
+ security policy of your web server, and ensure that the .htaccess files are
+ allowed to "override" default permissions set in your Apache configuration files.
+ Covering Apache security is beyond the scope of this Guide; please consult the Apache
+ documentation for details.
+ </P
+><P
+> If you are using a web server that does not support the .htaccess control method,
+ <EM
+>you are at risk!</EM
+> After installing, check to see if you can
+ view the file "localconfig" in your web browser (ergo:
+ <A
+HREF="http://bugzilla.mozilla.org/localconfig"
+TARGET="_top"
+> http://bugzilla.mozilla.org/localconfig</A
+>. If you can read the contents of this
+ file, your web server has not secured your bugzilla directory properly and you
+ must fix this problem before deploying Bugzilla. If, however, it gives you a
+ "Forbidden" error, then it probably respects the .htaccess conventions and you
+ are good to go.
+ </P
+></BLOCKQUOTE
+></DIV
><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined
in <A
<DIV
CLASS="EXAMPLE"
><A
-NAME="AEN1963"
+NAME="AEN1986"
></A
><P
><B
<BOOKINFO>
<TITLE>The Bugzilla Guide</TITLE>
- <PUBDATE>v2.12.0, 24 April 2001</PUBDATE>
+ <PUBDATE>2001-04-25</PUBDATE>
<AUTHOR>
<FIRSTNAME>Matthew</FIRSTNAME>
<OTHERNAME>P.</OTHERNAME>
<LISTITEM>
<PARA>
Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
- $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig and
+ $BUGZILLA_HOME/globals.pl files.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ of a criminal, while the "globals.pl" stores some default information regarding your
+ installation which could aid a system cracker.
+ In addition, some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</PARA>
+ <NOTE>
+ <PARA>
+ Bugzilla provides default .htaccess files to protect the most common Apache
+ installations. However, you should verify these are adequate according to the site-wide
+ security policy of your web server, and ensure that the .htaccess files are
+ allowed to "override" default permissions set in your Apache configuration files.
+ Covering Apache security is beyond the scope of this Guide; please consult the Apache
+ documentation for details.
+ </PARA>
+ <PARA>
+ If you are using a web server that does not support the .htaccess control method,
+ <EMPHASIS>you are at risk!</EMPHASIS> After installing, check to see if you can
+ view the file "localconfig" in your web browser (ergo:
+ <ULINK URL="http://bugzilla.mozilla.org/localconfig">
+ http://bugzilla.mozilla.org/localconfig</ULINK>. If you can read the contents of this
+ file, your web server has not secured your bugzilla directory properly and you
+ must fix this problem before deploying Bugzilla. If, however, it gives you a
+ "Forbidden" error, then it probably respects the .htaccess conventions and you
+ are good to go.
+ </PARA>
+ </NOTE>
<PARA>
On Apache, you can use .htaccess files to protect access to these directories, as outlined
in <ULINK URL="http://bugzilla.mozilla.org/show_bug.cgi?id=57161">Bug 57161</ULINK> for the
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ The index.html page doesn't show the footer. It's really annoying to have
+ to go to the querypage just to check my "my bugs" link. How do I get a footer
+ on static HTML pages?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This was a late-breaking question for the Guide, so I just have to
+ quote the relevant newsgroup thread on it.
+ </para>
+ <literallayout>
+> AFAIK, most sites (even if they have SSI enabled) won't have #exec cmd
+> enabled. Perhaps what would be better is a #include virtual and a
+> footer.cgi the basically has the "require 'CGI.pl' and PutFooter command.
+>
+> Please note that under most configurations, this also requires naming
+> the file from index.html to index.shtml (and making sure that it will
+> still be reconized as an index). Personally, I think this is better on
+> a per-installation basis (perhaps add something to the FAQ that says how
+> to do this).
+
+Good point. Yeah, easy enough to do, that it shouldn't be a big deal for
+someone to take it on if they want it. FAQ is a good place for it.
+
+> Dave Miller wrote:
+>
+>> I did a little experimenting with getting the command menu and footer on
+>> the end of the index page while leaving it as an HTML file...
+>>
+>> I was successful. :)
+>>
+>> I added this line:
+>>
+>> <!--#exec cmd="/usr/bin/perl -e "require 'CGI.pl';
+>>PutFooter();"" -->
+>>
+>> Just before the </BODY> </HTML> at the end of the file. And it worked.
+>>
+>> Thought I'd toss that out there. Should I check this in? For those that
+>> have SSI disabled, it'll act like a comment, so I wouldn't think it would
+>> break anything.
+ </literallayout>
+ </answer>
+ </qandaentry>
<qandaentry>
<question>
<para>
</PARA>
<TIP>
<PARA>
- HINT: If you symlink the bugzilla directory into your Apache's
+ If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the <Directory> entry
for the HTML root.
installation.
</PARA>
<PARA>
- Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
- to the correct location of your perl executable (probably /usr/bin/perl).
+ Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl
+ for the correct location of your perl executable (probably /usr/bin/perl).
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
+ <EXAMPLE>
+ <TITLE>Setting up bonsaitools symlink</TITLE>
+ <PARA>
+ Here's how you set up the Perl symlink on Linux to make Bugzilla work.
+ Your mileage may vary; if you are running on Solaris, you probably need to subsitute
+ "/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems,
+ Perl may live in weird places like "/opt/perl". As root, run these commands:
+ <PROGRAMLISTING>
+bash# mkdir /usr/bonsaitools
+bash# mkdir /usr/bonsaitools/bin
+bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
+ </PROGRAMLISTING>
+ </PARA>
+ </EXAMPLE>
<TIP>
<PARA>
If you don't have root access to set this symlink up, check out the
<ERRORCODE>Now regenerating the shadow database for all bugs.</ERRORCODE>
<NOTE>
<PARA>
- The second time you run checksetup.pl, it is recommended you be the same
- user as your web server runs under, and that you be sure you have set the
+ The second time you run checksetup.pl, you should become the
+ user your web server runs as, and that you ensure you have set the
"webservergroup" parameter in localconfig to match the web server's group
- name, if any. Under some systems, otherwise, checksetup.pl will goof up
- your file permissions and make them unreadable to your web server.
+ name, if any. I believe, for the next release of Bugzilla, this will
+ be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig
+ as well.
+ <EXAMPLE>
+ <TITLE>Running checksetup.pl as the web user</TITLE>
+ <PARA>
+ Assuming your web server runs as user "apache", and Bugzilla is installed in
+ "/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user.
+ As root, for the <EMPHASIS>second run</EMPHASIS> of checksetup.pl, do this:
+ <PROGRAMLISTING>
+bash# chown -R apache:apache /usr/local/bugzilla
+bash# su - apache
+bash# cd /usr/local/bugzilla
+bash# ./checksetup.pl
+ </PROGRAMLISTING>
+ </PARA>
+ </EXAMPLE>
</PARA>
</NOTE>
</PARA>
</SECTION>
<SECTION>
- <TITLE>Setting Up Maintainers Manuall (Optional)</TITLE>
+ <TITLE>Setting Up Maintainers Manually (Optional)</TITLE>
<PARA>
If you want to add someone else to every group by hand, you can do it
by typing the appropriate MySQL commands. Run '<COMPUTEROUTPUT>
</PROCEDURE>
</BLOCKQUOTE>
</TIP>
+ <TIP>
+ <PARA>
+ This was some late breaking information from Jan Evert. Sorry for the lack of formatting.
+ </PARA>
+ <LITERALLAYOUT>
+I'm busy installing bugzilla on a WinNT machine and I thought I'd notify you
+at this moment of the commments I have to section 2.2.1 of the bugzilla
+guide (at http://www.trilobyte.net/barnsons/html/).
+
+Step 1:
+I've used apache, installation is really straightforward.
+After reading the Unix installation instructions, I found that it is
+necessary to add the ExecCGI option to the bugzilla directory. Also the
+'AddHandler' line for .cgi is by default commented out.
+
+Step 3: although just a detail, 'ppm install <module%gt;' will also work
+(wihtout .ppd). And, it can also download these automatically from
+ActiveState.
+
+Step 4: although I have cygwin installed, it seems that it is not necessary.
+On my machine cygwin is not in the PATH and everything seems to work as
+expected.
+However, I've not used everything yet.
+
+Step 6: the 'bugs_password' given in SQL command d needs to be edited into
+localconfig later on (Step 7) if the password is not empty. I've also edited
+it into globals.pl, but I'm not sure that is needed. In both places, the
+variable is named db_pass.
+
+Step 8: all the sendmail replacements mentioned are not as simple as
+described there. Since I am not familiar (yet) with perl, I don't have any
+mail working yet.
+
+Step 9: in globals.pl the encrypt() call can be replaced by just the
+unencrypted password. In CGI.pl, the complete SQL command can be removed.
+
+Step 11: I've only changed the #! lines in *.cgi. I haven't noticed problems
+with the system() call yet.
+There seem to be only four system() called programs: processmail.pl (handled
+by step 10), syncshadowdb (which should probably get the same treatment as
+processmail.pl), diff and mysqldump. The last one is only needed with the
+shadowdb feature (which I don't use).
+
+There seems to be one step missing: copying the bugzilla files somehwere
+that apache can serve them.
+
+Just noticed the updated guide... Brian's comment is new. His first comment
+will work, but opens up a huge security hole.
+ </LITERALLAYOUT>
+ </TIP>
</SECTION>
</SECTION>
</CHAPTER>
2.1.2.13. Installing the Bugzilla Files
2.1.2.14. Setting Up the MySQL Database
2.1.2.15. Tweaking "localconfig"
- 2.1.2.16. Setting Up Maintainers Manuall (Optional)
+ 2.1.2.16. Setting Up Maintainers Manually (Optional)
2.1.2.17. The Whining Cron (Optional)
2.1.2.18. Bug Graphs (Optional)
2.1.2.19. Securing MySQL
Glossary
List of Examples
- 2-1. Removing encrypt() for Windows NT installations
+ 2-1. Setting up bonsaitools symlink
+ 2-2. Running checksetup.pl as the web user
+ 2-3. Removing encrypt() for Windows NT installations
3-1. Creating some Components
3-2. Common Use of Versions
3-3. A Different Use of Versions
Bugzilla) and make sure you can access the files in that directory
through your web server.
- Tip: HINT: If you symlink the bugzilla directory into your Apache's
- HTML heirarchy, you may receive "Forbidden" errors unless you add
- the "FollowSymLinks" directive to the <Directory> entry for the
- HTML root.
+ Tip: If you symlink the bugzilla directory into your Apache's HTML
+ heirarchy, you may receive "Forbidden" errors unless you add the
+ "FollowSymLinks" directive to the <Directory> entry for the HTML
+ root.
Once all the files are in a web accessible directory, make that
directory writable by your webserver's user (which may require just
post-install "checksetup.pl" script, which locks down your
installation.
- Lastly, you'll need to set up a symbolic link from
- /usr/bonsaitools/bin to the correct location of your perl executable
- (probably /usr/bin/perl). Otherwise you must hack all the .cgi files
- to change where they look for perl. To make future upgrades easier,
- you should use the symlink approach.
+ Lastly, you'll need to set up a symbolic link to
+ /usr/bonsaitools/bin/perl for the correct location of your perl
+ executable (probably /usr/bin/perl). Otherwise you must hack all the
+ .cgi files to change where they look for perl. To make future upgrades
+ easier, you should use the symlink approach.
+
+ Example 2-1. Setting up bonsaitools symlink
+
+ Here's how you set up the Perl symlink on Linux to make Bugzilla work.
+ Your mileage may vary; if you are running on Solaris, you probably
+ need to subsitute "/usr/local/bin/perl" for "/usr/bin/perl" below; if
+ on certain other UNIX systems, Perl may live in weird places like
+ "/opt/perl". As root, run these commands:
+bash# mkdir /usr/bonsaitools
+bash# mkdir /usr/bonsaitools/bin
+bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
Tip: If you don't have root access to set this symlink up, check
out the "setperl.csh" utility, listed in the Patches section of
with multiple instances. If flock() is not fully supported, it will
stall at: Now regenerating the shadow database for all bugs.
- Note: The second time you run checksetup.pl, it is recommended you
- be the same user as your web server runs under, and that you be
- sure you have set the "webservergroup" parameter in localconfig to
- match the web server's group name, if any. Under some systems,
- otherwise, checksetup.pl will goof up your file permissions and
- make them unreadable to your web server.
+ Note: The second time you run checksetup.pl, you should become the
+ user your web server runs as, and that you ensure you have set the
+ "webservergroup" parameter in localconfig to match the web server's
+ group name, if any. I believe, for the next release of Bugzilla,
+ this will be fixed so that Bugzilla supports a "webserveruser"
+ parameter in localconfig as well.
+
+ Example 2-2. Running checksetup.pl as the web user
+
+ Assuming your web server runs as user "apache", and Bugzilla is
+ installed in "/usr/local/bugzilla", here's one way to run
+ checksetup.pl as the web server user. As root, for the second run of
+ checksetup.pl, do this:
+bash# chown -R apache:apache /usr/local/bugzilla
+bash# su - apache
+bash# cd /usr/local/bugzilla
+bash# ./checksetup.pl
Note: The checksetup.pl script is designed so that you can run it
at any time without causing harm. You should run it after any
upgrade to Bugzilla.
_________________________________________________________________
-2.1.2.16. Setting Up Maintainers Manuall (Optional)
+2.1.2.16. Setting Up Maintainers Manually (Optional)
If you want to add someone else to every group by hand, you can do it
by typing the appropriate MySQL commands. Run ' mysql -u root -p bugs'
2. I then ran checksetup.pl
3. I removed all the encrypt()
- Example 2-1. Removing encrypt() for Windows NT installations
+ Example 2-3. Removing encrypt() for Windows NT installations
Replace this:
SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " .
The quotes around the dir is for the spaces. mail.log is for the
output
+
+ Tip: This was some late breaking information from Jan Evert. Sorry
+ for the lack of formatting.
+
+ I'm busy installing bugzilla on a WinNT machine and I thought I'd n
+ otify you
+ at this moment of the commments I have to section 2.2.1 of the bugz
+ illa
+ guide (at http://www.trilobyte.net/barnsons/html/).
+ Step 1:
+ I've used apache, installation is really straightforward.
+ After reading the Unix installation instructions, I found that it i
+ s
+ necessary to add the ExecCGI option to the bugzilla directory. Also
+ the
+ 'AddHandler' line for .cgi is by default commented out.
+ Step 3: although just a detail, 'ppm install <module%gt;' will also
+ work
+ (wihtout .ppd). And, it can also download these automatically from
+ ActiveState.
+ Step 4: although I have cygwin installed, it seems that it is not n
+ ecessary.
+ On my machine cygwin is not in the PATH and everything seems to wor
+ k as
+ expected.
+ However, I've not used everything yet.
+ Step 6: the 'bugs_password' given in SQL command d needs to be edit
+ ed into
+ localconfig later on (Step 7) if the password is not empty. I've al
+ so edited
+ it into globals.pl, but I'm not sure that is needed. In both places
+ , the
+ variable is named db_pass.
+ Step 8: all the sendmail replacements mentioned are not as simple a
+ s
+ described there. Since I am not familiar (yet) with perl, I don't h
+ ave any
+ mail working yet.
+ Step 9: in globals.pl the encrypt() call can be replaced by just th
+ e
+ unencrypted password. In CGI.pl, the complete SQL command can be re
+ moved.
+ Step 11: I've only changed the #! lines in *.cgi. I haven't noticed
+ problems
+ with the system() call yet.
+ There seem to be only four system() called programs: processmail.pl
+ (handled
+ by step 10), syncshadowdb (which should probably get the same treat
+ ment as
+ processmail.pl), diff and mysqldump. The last one is only needed wi
+ th the
+ shadowdb feature (which I don't use).
+ There seems to be one step missing: copying the bugzilla files some
+ hwere
+ that apache can serve them.
+ Just noticed the updated guide... Brian's comment is new. His first
+ comment
+ will work, but opens up a huge security hole.
_________________________________________________________________
Chapter 3. Administering Bugzilla
user with a name, set via your httpd.conf file.
5. Ensure you have adequate access controls for the
$BUGZILLA_HOME/data/ and $BUGZILLA_HOME/shadow/ directories, as
- well as the $BUGZILLA_HOME/localconfig file. The localconfig file
- stores your "bugs" user password, which would be terrible to have
- in the hands of a criminal. Also some files under
- $BUGZILLA_HOME/data/ store sensitive information, and
- $BUGZILLA_HOME/shadow/ stores bug information for faster
- retrieval. If you fail to secure these directories and this file,
- you will expose bug information to those who may not be allowed to
- see it.
+ well as the $BUGZILLA_HOME/localconfig and
+ $BUGZILLA_HOME/globals.pl files. The localconfig file stores your
+ "bugs" user password, which would be terrible to have in the hands
+ of a criminal, while the "globals.pl" stores some default
+ information regarding your installation which could aid a system
+ cracker. In addition, some files under $BUGZILLA_HOME/data/ store
+ sensitive information, and $BUGZILLA_HOME/shadow/ stores bug
+ information for faster retrieval. If you fail to secure these
+ directories and this file, you will expose bug information to
+ those who may not be allowed to see it.
+
+ Note: Bugzilla provides default .htaccess files to protect the most
+ common Apache installations. However, you should verify these are
+ adequate according to the site-wide security policy of your web
+ server, and ensure that the .htaccess files are allowed to
+ "override" default permissions set in your Apache configuration
+ files. Covering Apache security is beyond the scope of this Guide;
+ please consult the Apache documentation for details.
+ If you are using a web server that does not support the .htaccess
+ control method, you are at risk! After installing, check to see if
+ you can view the file "localconfig" in your web browser (ergo:
+ http://bugzilla.mozilla.org/localconfig. If you can read the
+ contents of this file, your web server has not secured your
+ bugzilla directory properly and you must fix this problem before
+ deploying Bugzilla. If, however, it gives you a "Forbidden" error,
+ then it probably respects the .htaccess conventions and you are
+ good to go.
On Apache, you can use .htaccess files to protect access to these
directories, as outlined in Bug 57161 for the localconfig file,
and Bug 65572 for adequate protection in your data/ and shadow/
of fields and format of them, and the choice of
acceptable values?
- A.4.7. Does Bugzilla provide any reporting features, metrics,
+ A.4.7. The index.html page doesn't show the footer. It's really
+ annoying to have to go to the querypage just to check my
+ "my bugs" link. How do I get a footer on static HTML
+ pages?
+
+ A.4.8. Does Bugzilla provide any reporting features, metrics,
graphs, etc? You know, the type of stuff that management
likes to see. :)
- A.4.8. Is there email notification and if so, what do you see
+ A.4.9. Is there email notification and if so, what do you see
when you get an email? Do you see bug number and title or
is it only the number?
- A.4.9. Can email notification be set up to send to multiple
+ A.4.10. Can email notification be set up to send to multiple
people, some on the To List, CC List, BCC List etc?
- A.4.10. If there is email notification, do users have to have any
+ A.4.11. If there is email notification, do users have to have any
particular type of email application?
- A.4.11. If I just wanted to track certain bugs, as they go
+ A.4.12. If I just wanted to track certain bugs, as they go
through life, can I set it up to alert me via email
whenever that bug changes, whether it be owner, status or
description etc.?
- A.4.12. Does Bugzilla allow data to be imported and exported? If
+ A.4.13. Does Bugzilla allow data to be imported and exported? If
I had outsiders write up a bug report using a MS Word bug
template, could that template be imported into "matching"
fields? If I wanted to take the results of a query and
export that data to MS Excel, could I do that?
- A.4.13. Does Bugzilla allow fields to be added, changed or
+ A.4.14. Does Bugzilla allow fields to be added, changed or
deleted? If I want to customize the bug submission form
to meet our needs, can I do that using our terminology?
- A.4.14. Has anyone converted Bugzilla to another language to be
+ A.4.15. Has anyone converted Bugzilla to another language to be
used in other countries? Is it localizable?
- A.4.15. Can a user create and save reports? Can they do this in
+ A.4.16. Can a user create and save reports? Can they do this in
Word format? Excel format?
- A.4.16. Can a user re-run a report with a new project, same
+ A.4.17. Can a user re-run a report with a new project, same
query?
- A.4.17. Can a user modify an existing report and then save it
+ A.4.18. Can a user modify an existing report and then save it
into another name?
- A.4.18. Does Bugzilla have the ability to search by word, phrase,
+ A.4.19. Does Bugzilla have the ability to search by word, phrase,
compound search?
- A.4.19. Can the admin person establish separate group and
+ A.4.20. Can the admin person establish separate group and
individual user privileges?
- A.4.20. Does Bugzilla provide record locking when there is
+ A.4.21. Does Bugzilla provide record locking when there is
simultaneous access to the same bug? Does the second
person get a notice that the bug is in use or how are
they notified?
- A.4.21. Are there any backup features provided?
- A.4.22. Can users be on the system while a backup is in progress?
+ A.4.22. Are there any backup features provided?
+ A.4.23. Can users be on the system while a backup is in progress?
- A.4.23. What type of human resources are needed to be on staff to
+ A.4.24. What type of human resources are needed to be on staff to
install and maintain Bugzilla? Specifically, what type of
skills does the person need to have? I need to find out
if we were to go with Bugzilla, what types of individuals
would we need to hire and how much would that cost vs
buying an "Out-of-the-Box" solution.
- A.4.24. What time frame are we looking at if we decide to hire
+ A.4.25. What time frame are we looking at if we decide to hire
people to install and maintain the Bugzilla? Is this
something that takes hours or weeks to install and a
couple of hours per week to maintain and customize or is
this a multi-week install process, plus a full time job
for 1 person, 2 people, etc?
- A.4.25. Is there any licensing fee or other fees for using
+ A.4.26. Is there any licensing fee or other fees for using
Bugzilla? Any out-of-pocket cost other than the bodies
needed as identified above?
progression states, also require adjusting the program logic to
compensate for the change.
- A.4.7. Does Bugzilla provide any reporting features, metrics, graphs,
+ A.4.7. The index.html page doesn't show the footer. It's really
+ annoying to have to go to the querypage just to check my "my bugs"
+ link. How do I get a footer on static HTML pages?
+
+ This was a late-breaking question for the Guide, so I just have to
+ quote the relevant newsgroup thread on it.
+
+ > AFAIK, most sites (even if they have SSI enabled) won't have #exec c
+ md
+ > enabled. Perhaps what would be better is a #include virtual and a
+ > footer.cgi the basically has the "require 'CGI.pl' and PutFooter com
+ mand.
+ >
+ > Please note that under most configurations, this also requires namin
+ g
+ > the file from index.html to index.shtml (and making sure that it wil
+ l
+ > still be reconized as an index). Personally, I think this is better
+ on
+ > a per-installation basis (perhaps add something to the FAQ that says
+ how
+ > to do this).
+ Good point. Yeah, easy enough to do, that it shouldn't be a big deal
+ for
+ someone to take it on if they want it. FAQ is a good place for it.
+ > Dave Miller wrote:
+ >
+ >> I did a little experimenting with getting the command menu and foot
+ er on
+ >> the end of the index page while leaving it as an HTML file...
+ >>
+ >> I was successful. :)
+ >>
+ >> I added this line:
+ >>
+ >>
+ >>
+ >> Just before the </BODY> </HTML> at the end of the file. And it wor
+ ked.
+ >>
+ >> Thought I'd toss that out there. Should I check this in? For thos
+ e that
+ >> have SSI disabled, it'll act like a comment, so I wouldn't think it
+ would
+ >> break anything.
+
+ A.4.8. Does Bugzilla provide any reporting features, metrics, graphs,
etc? You know, the type of stuff that management likes to see. :)
Yes. Look at http://bugzilla.mozilla.org/reports.cgi for basic
Advanced Reporting is a Bugzilla 3.X proposed feature.
- A.4.8. Is there email notification and if so, what do you see when you
+ A.4.9. Is there email notification and if so, what do you see when you
get an email? Do you see bug number and title or is it only the
number?
bug report accompany each email notification, along with a list of the
changes made.
- A.4.9. Can email notification be set up to send to multiple people,
+ A.4.10. Can email notification be set up to send to multiple people,
some on the To List, CC List, BCC List etc?
Yes.
- A.4.10. If there is email notification, do users have to have any
+ A.4.11. If there is email notification, do users have to have any
particular type of email application?
Bugzilla email is sent in plain text, the most compatible mail format
user sends HTML-based email into Bugzilla the resulting comment
looks downright awful.
- A.4.11. If I just wanted to track certain bugs, as they go through
+ A.4.12. If I just wanted to track certain bugs, as they go through
life, can I set it up to alert me via email whenever that bug changes,
whether it be owner, status or description etc.?
tab of the User Preferences screen in Bugzilla to the "Only those bugs
which I am listed on the CC line" option.
- A.4.12. Does Bugzilla allow data to be imported and exported? If I had
+ A.4.13. Does Bugzilla allow data to be imported and exported? If I had
outsiders write up a bug report using a MS Word bug template, could
that template be imported into "matching" fields? If I wanted to take
the results of a query and export that data to MS Excel, could I do
find an excellent example at
http://www.mozilla.org/quality/help/bugzilla-helper.html
- A.4.13. Does Bugzilla allow fields to be added, changed or deleted? If
+ A.4.14. Does Bugzilla allow fields to be added, changed or deleted? If
I want to customize the bug submission form to meet our needs, can I
do that using our terminology?
Yes.
- A.4.14. Has anyone converted Bugzilla to another language to be used
+ A.4.15. Has anyone converted Bugzilla to another language to be used
in other countries? Is it localizable?
Currently, no. Internationalization support for Perl did not exist in
a robust fashion until the recent release of version 5.6.0; Bugzilla
is, and likely will remain (until 3.X) completely non-localized.
- A.4.15. Can a user create and save reports? Can they do this in Word
+ A.4.16. Can a user create and save reports? Can they do this in Word
format? Excel format?
Yes. No. No.
- A.4.16. Can a user re-run a report with a new project, same query?
+ A.4.17. Can a user re-run a report with a new project, same query?
Yes.
- A.4.17. Can a user modify an existing report and then save it into
+ A.4.18. Can a user modify an existing report and then save it into
another name?
You can save an unlimited number of queries in Bugzilla. You are free
to modify them and rename them to your heart's desire.
- A.4.18. Does Bugzilla have the ability to search by word, phrase,
+ A.4.19. Does Bugzilla have the ability to search by word, phrase,
compound search?
You have no idea. Bugzilla's query interface, particularly with the
advanced Boolean operators, is incredibly versatile.
- A.4.19. Can the admin person establish separate group and individual
+ A.4.20. Can the admin person establish separate group and individual
user privileges?
Yes.
- A.4.20. Does Bugzilla provide record locking when there is
+ A.4.21. Does Bugzilla provide record locking when there is
simultaneous access to the same bug? Does the second person get a
notice that the bug is in use or how are they notified?
detection, and offers the offending user a choice of options to deal
with the conflict.
- A.4.21. Are there any backup features provided?
+ A.4.22. Are there any backup features provided?
MySQL, the database back-end for Bugzilla, allows hot-backup of data.
You can find strategies for dealing with backup considerations at
http://www.mysql.com/doc/B/a/Backup.html
- A.4.22. Can users be on the system while a backup is in progress?
+ A.4.23. Can users be on the system while a backup is in progress?
Yes. However, commits to the database must wait until the tables are
unlocked. Bugzilla databases are typically very small, and backups
routinely take less than a minute.
- A.4.23. What type of human resources are needed to be on staff to
+ A.4.24. What type of human resources are needed to be on staff to
install and maintain Bugzilla? Specifically, what type of skills does
the person need to have? I need to find out if we were to go with
Bugzilla, what types of individuals would we need to hire and how much
me three to five hours to make Bugzilla happy on a Development
installation of Linux-Mandrake.
- A.4.24. What time frame are we looking at if we decide to hire people
+ A.4.25. What time frame are we looking at if we decide to hire people
to install and maintain the Bugzilla? Is this something that takes
hours or weeks to install and a couple of hours per week to maintain
and customize or is this a multi-week install process, plus a full
UNIX or Perl skills to handle your process management and bug-tracking
maintenance & customization.
- A.4.25. Is there any licensing fee or other fees for using Bugzilla?
+ A.4.26. Is there any licensing fee or other fees for using Bugzilla?
Any out-of-pocket cost other than the bodies needed as identified
above?
<BOOKINFO>
<TITLE>The Bugzilla Guide</TITLE>
- <PUBDATE>v2.12.0, 24 April 2001</PUBDATE>
+ <PUBDATE>2001-04-25</PUBDATE>
<AUTHOR>
<FIRSTNAME>Matthew</FIRSTNAME>
<OTHERNAME>P.</OTHERNAME>
<LISTITEM>
<PARA>
Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
- $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig and
+ $BUGZILLA_HOME/globals.pl files.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ of a criminal, while the "globals.pl" stores some default information regarding your
+ installation which could aid a system cracker.
+ In addition, some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</PARA>
+ <NOTE>
+ <PARA>
+ Bugzilla provides default .htaccess files to protect the most common Apache
+ installations. However, you should verify these are adequate according to the site-wide
+ security policy of your web server, and ensure that the .htaccess files are
+ allowed to "override" default permissions set in your Apache configuration files.
+ Covering Apache security is beyond the scope of this Guide; please consult the Apache
+ documentation for details.
+ </PARA>
+ <PARA>
+ If you are using a web server that does not support the .htaccess control method,
+ <EMPHASIS>you are at risk!</EMPHASIS> After installing, check to see if you can
+ view the file "localconfig" in your web browser (ergo:
+ <ULINK URL="http://bugzilla.mozilla.org/localconfig">
+ http://bugzilla.mozilla.org/localconfig</ULINK>. If you can read the contents of this
+ file, your web server has not secured your bugzilla directory properly and you
+ must fix this problem before deploying Bugzilla. If, however, it gives you a
+ "Forbidden" error, then it probably respects the .htaccess conventions and you
+ are good to go.
+ </PARA>
+ </NOTE>
<PARA>
On Apache, you can use .htaccess files to protect access to these directories, as outlined
in <ULINK URL="http://bugzilla.mozilla.org/show_bug.cgi?id=57161">Bug 57161</ULINK> for the
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ The index.html page doesn't show the footer. It's really annoying to have
+ to go to the querypage just to check my "my bugs" link. How do I get a footer
+ on static HTML pages?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This was a late-breaking question for the Guide, so I just have to
+ quote the relevant newsgroup thread on it.
+ </para>
+ <literallayout>
+> AFAIK, most sites (even if they have SSI enabled) won't have #exec cmd
+> enabled. Perhaps what would be better is a #include virtual and a
+> footer.cgi the basically has the "require 'CGI.pl' and PutFooter command.
+>
+> Please note that under most configurations, this also requires naming
+> the file from index.html to index.shtml (and making sure that it will
+> still be reconized as an index). Personally, I think this is better on
+> a per-installation basis (perhaps add something to the FAQ that says how
+> to do this).
+
+Good point. Yeah, easy enough to do, that it shouldn't be a big deal for
+someone to take it on if they want it. FAQ is a good place for it.
+
+> Dave Miller wrote:
+>
+>> I did a little experimenting with getting the command menu and footer on
+>> the end of the index page while leaving it as an HTML file...
+>>
+>> I was successful. :)
+>>
+>> I added this line:
+>>
+>> <!--#exec cmd="/usr/bin/perl -e "require 'CGI.pl';
+>>PutFooter();"" -->
+>>
+>> Just before the </BODY> </HTML> at the end of the file. And it worked.
+>>
+>> Thought I'd toss that out there. Should I check this in? For those that
+>> have SSI disabled, it'll act like a comment, so I wouldn't think it would
+>> break anything.
+ </literallayout>
+ </answer>
+ </qandaentry>
<qandaentry>
<question>
<para>
</PARA>
<TIP>
<PARA>
- HINT: If you symlink the bugzilla directory into your Apache's
+ If you symlink the bugzilla directory into your Apache's
HTML heirarchy, you may receive "Forbidden" errors unless you
add the "FollowSymLinks" directive to the <Directory> entry
for the HTML root.
installation.
</PARA>
<PARA>
- Lastly, you'll need to set up a symbolic link from /usr/bonsaitools/bin
- to the correct location of your perl executable (probably /usr/bin/perl).
+ Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl
+ for the correct location of your perl executable (probably /usr/bin/perl).
Otherwise you must hack all the .cgi files to change where they look
for perl. To make future upgrades easier, you should use the symlink
approach.
+ <EXAMPLE>
+ <TITLE>Setting up bonsaitools symlink</TITLE>
+ <PARA>
+ Here's how you set up the Perl symlink on Linux to make Bugzilla work.
+ Your mileage may vary; if you are running on Solaris, you probably need to subsitute
+ "/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems,
+ Perl may live in weird places like "/opt/perl". As root, run these commands:
+ <PROGRAMLISTING>
+bash# mkdir /usr/bonsaitools
+bash# mkdir /usr/bonsaitools/bin
+bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
+ </PROGRAMLISTING>
+ </PARA>
+ </EXAMPLE>
<TIP>
<PARA>
If you don't have root access to set this symlink up, check out the
<ERRORCODE>Now regenerating the shadow database for all bugs.</ERRORCODE>
<NOTE>
<PARA>
- The second time you run checksetup.pl, it is recommended you be the same
- user as your web server runs under, and that you be sure you have set the
+ The second time you run checksetup.pl, you should become the
+ user your web server runs as, and that you ensure you have set the
"webservergroup" parameter in localconfig to match the web server's group
- name, if any. Under some systems, otherwise, checksetup.pl will goof up
- your file permissions and make them unreadable to your web server.
+ name, if any. I believe, for the next release of Bugzilla, this will
+ be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig
+ as well.
+ <EXAMPLE>
+ <TITLE>Running checksetup.pl as the web user</TITLE>
+ <PARA>
+ Assuming your web server runs as user "apache", and Bugzilla is installed in
+ "/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user.
+ As root, for the <EMPHASIS>second run</EMPHASIS> of checksetup.pl, do this:
+ <PROGRAMLISTING>
+bash# chown -R apache:apache /usr/local/bugzilla
+bash# su - apache
+bash# cd /usr/local/bugzilla
+bash# ./checksetup.pl
+ </PROGRAMLISTING>
+ </PARA>
+ </EXAMPLE>
</PARA>
</NOTE>
</PARA>
</SECTION>
<SECTION>
- <TITLE>Setting Up Maintainers Manuall (Optional)</TITLE>
+ <TITLE>Setting Up Maintainers Manually (Optional)</TITLE>
<PARA>
If you want to add someone else to every group by hand, you can do it
by typing the appropriate MySQL commands. Run '<COMPUTEROUTPUT>
</PROCEDURE>
</BLOCKQUOTE>
</TIP>
+ <TIP>
+ <PARA>
+ This was some late breaking information from Jan Evert. Sorry for the lack of formatting.
+ </PARA>
+ <LITERALLAYOUT>
+I'm busy installing bugzilla on a WinNT machine and I thought I'd notify you
+at this moment of the commments I have to section 2.2.1 of the bugzilla
+guide (at http://www.trilobyte.net/barnsons/html/).
+
+Step 1:
+I've used apache, installation is really straightforward.
+After reading the Unix installation instructions, I found that it is
+necessary to add the ExecCGI option to the bugzilla directory. Also the
+'AddHandler' line for .cgi is by default commented out.
+
+Step 3: although just a detail, 'ppm install <module%gt;' will also work
+(wihtout .ppd). And, it can also download these automatically from
+ActiveState.
+
+Step 4: although I have cygwin installed, it seems that it is not necessary.
+On my machine cygwin is not in the PATH and everything seems to work as
+expected.
+However, I've not used everything yet.
+
+Step 6: the 'bugs_password' given in SQL command d needs to be edited into
+localconfig later on (Step 7) if the password is not empty. I've also edited
+it into globals.pl, but I'm not sure that is needed. In both places, the
+variable is named db_pass.
+
+Step 8: all the sendmail replacements mentioned are not as simple as
+described there. Since I am not familiar (yet) with perl, I don't have any
+mail working yet.
+
+Step 9: in globals.pl the encrypt() call can be replaced by just the
+unencrypted password. In CGI.pl, the complete SQL command can be removed.
+
+Step 11: I've only changed the #! lines in *.cgi. I haven't noticed problems
+with the system() call yet.
+There seem to be only four system() called programs: processmail.pl (handled
+by step 10), syncshadowdb (which should probably get the same treatment as
+processmail.pl), diff and mysqldump. The last one is only needed with the
+shadowdb feature (which I don't use).
+
+There seems to be one step missing: copying the bugzilla files somehwere
+that apache can serve them.
+
+Just noticed the updated guide... Brian's comment is new. His first comment
+will work, but opens up a huge security hole.
+ </LITERALLAYOUT>
+ </TIP>
</SECTION>
</SECTION>
</CHAPTER>
projects / thirdparty / bugzilla.git / commitdiff
