mirror of
https://github.com/django/django.git
synced 2024-12-26 11:06:07 +00:00
90fb6a4648
Most of the credit for this large patch goes to Anssi Kääriäinen. Many thanks to all the people who contributed to the discussion.
214 lines
8.7 KiB
Plaintext
214 lines
8.7 KiB
Plaintext
======================================
|
|
Reporting bugs and requesting features
|
|
======================================
|
|
|
|
Before reporting a bug or requesting a new feature, please consider these
|
|
general points:
|
|
|
|
* Check that someone hasn't already filed the bug or feature request by
|
|
`searching`_ or running `custom queries`_ in the ticket tracker.
|
|
|
|
* Don't use the ticket system to ask support questions. Use the
|
|
`django-users`_ list or the `#django`_ IRC channel for that.
|
|
|
|
* Don't reopen issues that have been marked "wontfix" by a core developer.
|
|
This mark means that the decision has been made that we can't or won't fix
|
|
this particular issue. If you're not sure why, please ask
|
|
on `django-developers`_.
|
|
|
|
* Don't use the ticket tracker for lengthy discussions, because they're
|
|
likely to get lost. If a particular ticket is controversial, please move the
|
|
discussion to `django-developers`_.
|
|
|
|
.. _reporting-bugs:
|
|
|
|
Reporting bugs
|
|
--------------
|
|
|
|
Well-written bug reports are *incredibly* helpful. However, there's a certain
|
|
amount of overhead involved in working with any bug tracking system so your
|
|
help in keeping our ticket tracker as useful as possible is appreciated. In
|
|
particular:
|
|
|
|
* **Do** read the :doc:`FAQ </faq/index>` to see if your issue might
|
|
be a well-known question.
|
|
|
|
* **Do** ask on `django-users`_ or `#django`_ *first* if you're not sure if
|
|
what you're seeing is a bug.
|
|
|
|
* **Do** write complete, reproducible, specific bug reports. You must
|
|
include a clear, concise description of the problem, and a set of
|
|
instructions for replicating it. Add as much debug information as you can:
|
|
code snippets, test cases, exception backtraces, screenshots, etc. A nice
|
|
small test case is the best way to report a bug, as it gives us an easy
|
|
way to confirm the bug quickly.
|
|
|
|
* **Don't** post to `django-developers`_ just to announce that you have
|
|
filed a bug report. All the tickets are mailed to another list,
|
|
`django-updates`_, which is tracked by developers and interested
|
|
community members; we see them as they are filed.
|
|
|
|
To understand the lifecycle of your ticket once you have created it, refer to
|
|
:doc:`triaging-tickets`.
|
|
|
|
.. _django-updates: http://groups.google.com/group/django-updates
|
|
|
|
.. _reporting-security-issues:
|
|
|
|
Reporting security issues
|
|
-------------------------
|
|
|
|
.. Important::
|
|
|
|
Please report security issues **only** to security@djangoproject.com.
|
|
This is a private list only open to long-time, highly trusted Django
|
|
developers, and its archives are not publicly readable.
|
|
|
|
In the event of a confirmed vulnerability in Django itself, we will take the
|
|
following actions:
|
|
|
|
* Acknowledge to the reporter that we've received the report and that a
|
|
fix is forthcoming. We'll give a rough timeline and ask the reporter
|
|
to keep the issue confidential until we announce it.
|
|
|
|
* Focus on developing a fix as quickly as possible and produce patches
|
|
against the current and two previous releases.
|
|
|
|
* Determine a go-public date for announcing the vulnerability and the fix.
|
|
To try to mitigate a possible "arms race" between those applying the
|
|
patch and those trying to exploit the hole, we will not announce
|
|
security problems immediately.
|
|
|
|
* Pre-notify third-party distributors of Django ("vendors"). We will send
|
|
these vendor notifications through private email which will include
|
|
documentation of the vulnerability, links to the relevant patch(es), and
|
|
a request to keep the vulnerability confidential until the official
|
|
go-public date.
|
|
|
|
* Publicly announce the vulnerability and the fix on the pre-determined
|
|
go-public date. This will probably mean a new release of Django, but
|
|
in some cases it may simply be patches against current releases.
|
|
|
|
Reporting user interface bugs and features
|
|
------------------------------------------
|
|
|
|
If your bug or feature request touches on anything visual in nature, there
|
|
are a few additional guidelines to follow:
|
|
|
|
* Include screenshots in your ticket which are the visual equivalent of a
|
|
minimal testcase. Show off the issue, not the crazy customizations
|
|
you've made to your browser.
|
|
|
|
* If the issue is difficult to show off using a still image, consider
|
|
capturing a *brief* screencast. If your software permits it, capture only
|
|
the relevant area of the screen.
|
|
|
|
* If you're offering a patch which changes the look or behavior of Django's
|
|
UI, you **must** attach before *and* after screenshots/screencasts.
|
|
Tickets lacking these are difficult for triagers and core developers to
|
|
assess quickly.
|
|
|
|
* Screenshots don't absolve you of other good reporting practices. Make sure
|
|
to include URLs, code snippets, and step-by-step instructions on how to
|
|
reproduce the behavior visible in the screenshots.
|
|
|
|
* Make sure to set the UI/UX flag on the ticket so interested parties can
|
|
find your ticket.
|
|
|
|
Requesting features
|
|
-------------------
|
|
|
|
We're always trying to make Django better, and your feature requests are a key
|
|
part of that. Here are some tips on how to make a request most effectively:
|
|
|
|
* Make sure the feature actually requires changes in Django's core. If your
|
|
idea can be developed as an independent application or module — for
|
|
instance, you want to support another database engine — we'll probably
|
|
suggest that you to develop it independently. Then, if your project
|
|
gathers sufficient community support, we may consider it for inclusion in
|
|
Django.
|
|
|
|
* First request the feature on the `django-developers`_ list, not in the
|
|
ticket tracker. It'll get read more closely if it's on the mailing list.
|
|
This is even more important for large-scale feature requests. We like to
|
|
discuss any big changes to Django's core on the mailing list before
|
|
actually working on them.
|
|
|
|
* Describe clearly and concisely what the missing feature is and how you'd
|
|
like to see it implemented. Include example code (non-functional is OK)
|
|
if possible.
|
|
|
|
* Explain *why* you'd like the feature. In some cases this is obvious, but
|
|
since Django is designed to help real developers get real work done,
|
|
you'll need to explain it, if it isn't obvious why the feature would be
|
|
useful.
|
|
|
|
If core developers agree on the feature, then it's appropriate to create a
|
|
ticket. Include a link the discussion on `django-developers`_ in the ticket
|
|
description.
|
|
|
|
As with most open-source projects, code talks. If you are willing to write the
|
|
code for the feature yourself or, even better, if you've already written it,
|
|
it's much more likely to be accepted. Just fork Django on GitHub, create a
|
|
feature branch, and show us your work!
|
|
|
|
See also: :ref:`documenting-new-features`.
|
|
|
|
.. _how-we-make-decisions:
|
|
|
|
How we make decisions
|
|
---------------------
|
|
|
|
Whenever possible, we strive for a rough consensus. To that end, we'll often
|
|
have informal votes on `django-developers`_ about a feature. In these votes we
|
|
follow the voting style invented by Apache and used on Python itself, where
|
|
votes are given as +1, +0, -0, or -1. Roughly translated, these votes mean:
|
|
|
|
* +1: "I love the idea and I'm strongly committed to it."
|
|
|
|
* +0: "Sounds OK to me."
|
|
|
|
* -0: "I'm not thrilled, but I won't stand in the way."
|
|
|
|
* -1: "I strongly disagree and would be very unhappy to see the idea turn
|
|
into reality."
|
|
|
|
Although these votes on `django-developers`_ are informal, they'll be taken very
|
|
seriously. After a suitable voting period, if an obvious consensus arises we'll
|
|
follow the votes.
|
|
|
|
However, consensus is not always possible. If consensus cannot be reached, or
|
|
if the discussion towards a consensus fizzles out without a concrete decision,
|
|
we use a more formal process.
|
|
|
|
Any :doc:`core committer</internals/committers>` may call for a formal vote
|
|
using the same voting mechanism above. A proposition will be considered carried
|
|
by the core team if:
|
|
|
|
* There are three "+1" votes from members of the core team.
|
|
|
|
* There is no "-1" vote from any member of the core team.
|
|
|
|
* The :ref:`BDFLs<django-bdfls>` haven't stepped in and executed their
|
|
positive or negative veto.
|
|
|
|
When calling for a vote, the caller should specify a deadline by which
|
|
votes must be received. One week is generally suggested as the minimum
|
|
amount of time.
|
|
|
|
Since this process allows any core committer to veto a proposal, any "-1"
|
|
votes (or BDFL vetos) should be accompanied by an explanation that explains
|
|
what it would take to convert that "-1" into at least a "+0".
|
|
|
|
Whenever possible, these formal votes should be announced and held in
|
|
public on the `django-developers`_ mailing list. However, overly sensitive
|
|
or contentious issues -- including, most notably, votes on new core
|
|
committers -- may be held in private.
|
|
|
|
|
|
.. _searching: https://code.djangoproject.com/search
|
|
.. _custom queries: https://code.djangoproject.com/query
|
|
.. _django-developers: http://groups.google.com/group/django-developers
|
|
.. _django-users: http://groups.google.com/group/django-users
|
|
.. _#django: irc://irc.freenode.net/django
|