| ====================================== |
| Reporting bugs and requesting features |
| ====================================== |
| |
| Before reporting a bug or requesting a new feature, please consider these |
| general points: |
| |
| * Check that someone hasn't already filed the bug or feature request by |
| `searching`_ or running `custom queries`_ in the ticket tracker. |
| |
| * Don't use the ticket system to ask support questions. Use the |
| `django-users`_ list or the `#django`_ IRC channel for that. |
| |
| * Don't reopen issues that have been marked "wontfix" by a core developer. |
| This mark means that the decision has been made that we can't or won't fix |
| this particular issue. If you're not sure why, please ask |
| on `django-developers`_. |
| |
| * Don't use the ticket tracker for lengthy discussions, because they're |
| likely to get lost. If a particular ticket is controversial, please move the |
| discussion to `django-developers`_. |
| |
| .. _reporting-bugs: |
| |
| Reporting bugs |
| -------------- |
| |
| Well-written bug reports are *incredibly* helpful. However, there's a certain |
| amount of overhead involved in working with any bug tracking system so your |
| help in keeping our ticket tracker as useful as possible is appreciated. In |
| particular: |
| |
| * **Do** read the :doc:`FAQ </faq/index>` to see if your issue might |
| be a well-known question. |
| |
| * **Do** ask on `django-users`_ or `#django`_ *first* if you're not sure if |
| what you're seeing is a bug. |
| |
| * **Do** write complete, reproducible, specific bug reports. You must |
| include a clear, concise description of the problem, and a set of |
| instructions for replicating it. Add as much debug information as you can: |
| code snippets, test cases, exception backtraces, screenshots, etc. A nice |
| small test case is the best way to report a bug, as it gives us an easy |
| way to confirm the bug quickly. |
| |
| * **Don't** post to `django-developers`_ just to announce that you have |
| filed a bug report. All the tickets are mailed to another list, |
| `django-updates`_, which is tracked by developers and interested |
| community members; we see them as they are filed. |
| |
| To understand the lifecycle of your ticket once you have created it, refer to |
| :doc:`triaging-tickets`. |
| |
| .. _django-updates: http://groups.google.com/group/django-updates |
| |
| .. _reporting-security-issues: |
| |
| Reporting security issues |
| ------------------------- |
| |
| .. Important:: |
| |
| Please report security issues **only** to security@djangoproject.com. |
| This is a private list only open to long-time, highly trusted Django |
| developers, and its archives are not publicly readable. |
| |
| In the event of a confirmed vulnerability in Django itself, we will take the |
| following actions: |
| |
| * Acknowledge to the reporter that we've received the report and that a |
| fix is forthcoming. We'll give a rough timeline and ask the reporter |
| to keep the issue confidential until we announce it. |
| |
| * Focus on developing a fix as quickly as possible and produce patches |
| against the current and two previous releases. |
| |
| * Determine a go-public date for announcing the vulnerability and the fix. |
| To try to mitigate a possible "arms race" between those applying the |
| patch and those trying to exploit the hole, we will not announce |
| security problems immediately. |
| |
| * Pre-notify third-party distributors of Django ("vendors"). We will send |
| these vendor notifications through private email which will include |
| documentation of the vulnerability, links to the relevant patch(es), and |
| a request to keep the vulnerability confidential until the official |
| go-public date. |
| |
| * Publicly announce the vulnerability and the fix on the pre-determined |
| go-public date. This will probably mean a new release of Django, but |
| in some cases it may simply be patches against current releases. |
| |
| Reporting user interface bugs and features |
| ------------------------------------------ |
| |
| If your bug or feature request touches on anything visual in nature, there |
| are a few additional guidelines to follow: |
| |
| * Include screenshots in your ticket which are the visual equivalent of a |
| minimal testcase. Show off the issue, not the crazy customizations |
| you've made to your browser. |
| |
| * If the issue is difficult to show off using a still image, consider |
| capturing a *brief* screencast. If your software permits it, capture only |
| the relevant area of the screen. |
| |
| * If you're offering a patch which changes the look or behavior of Django's |
| UI, you **must** attach before *and* after screenshots/screencasts. |
| Tickets lacking these are difficult for triagers and core developers to |
| assess quickly. |
| |
| * Screenshots don't absolve you of other good reporting practices. Make sure |
| to include URLs, code snippets, and step-by-step instructions on how to |
| reproduce the behavior visible in the screenshots. |
| |
| * Make sure to set the UI/UX flag on the ticket so interested parties can |
| find your ticket. |
| |
| Requesting features |
| ------------------- |
| |
| We're always trying to make Django better, and your feature requests are a key |
| part of that. Here are some tips on how to make a request most effectively: |
| |
| * Make sure the feature actually requires changes in Django's core. If your |
| idea can be developed as an independent application or module — for |
| instance, you want to support another database engine — we'll probably |
| suggest that you to develop it independently. Then, if your project |
| gathers sufficient community support, we may consider it for inclusion in |
| Django. |
| |
| * First request the feature on the `django-developers`_ list, not in the |
| ticket tracker. It'll get read more closely if it's on the mailing list. |
| This is even more important for large-scale feature requests. We like to |
| discuss any big changes to Django's core on the mailing list before |
| actually working on them. |
| |
| * Describe clearly and concisely what the missing feature is and how you'd |
| like to see it implemented. Include example code (non-functional is OK) |
| if possible. |
| |
| * Explain *why* you'd like the feature. In some cases this is obvious, but |
| since Django is designed to help real developers get real work done, |
| you'll need to explain it, if it isn't obvious why the feature would be |
| useful. |
| |
| If core developers agree on the feature, then it's appropriate to create a |
| ticket. Include a link the discussion on `django-developers`_ in the ticket |
| description. |
| |
| As with most open-source projects, code talks. If you are willing to write the |
| code for the feature yourself or, even better, if you've already written it, |
| it's much more likely to be accepted. If it's a large feature that might need |
| multiple developers, we're always happy to give you an experimental branch in |
| our repository; see the :doc:`writing-code/branch-policy`. |
| |
| See also: :ref:`documenting-new-features`. |
| |
| .. _how-we-make-decisions: |
| |
| How we make decisions |
| --------------------- |
| |
| Whenever possible, we strive for a rough consensus. To that end, we'll often |
| have informal votes on `django-developers`_ about a feature. In these votes we |
| follow the voting style invented by Apache and used on Python itself, where |
| votes are given as +1, +0, -0, or -1. Roughly translated, these votes mean: |
| |
| * +1: "I love the idea and I'm strongly committed to it." |
| |
| * +0: "Sounds OK to me." |
| |
| * -0: "I'm not thrilled, but I won't stand in the way." |
| |
| * -1: "I strongly disagree and would be very unhappy to see the idea turn |
| into reality." |
| |
| Although these votes on `django-developers`_ are informal, they'll be taken very |
| seriously. After a suitable voting period, if an obvious consensus arises we'll |
| follow the votes. |
| |
| However, consensus is not always possible. If consensus cannot be reached, or |
| if the discussion towards a consensus fizzles out without a concrete decision, |
| we use a more formal process. |
| |
| Any :doc:`core committer</internals/committers>` may call for a formal vote |
| using the same voting mechanism above. A proposition will be considered carried |
| by the core team if: |
| |
| * There are three "+1" votes from members of the core team. |
| |
| * There is no "-1" vote from any member of the core team. |
| |
| * The :ref:`BDFLs<django-bdfls>` haven't stepped in and executed their |
| positive or negative veto. |
| |
| When calling for a vote, the caller should specify a deadline by which |
| votes must be received. One week is generally suggested as the minimum |
| amount of time. |
| |
| Since this process allows any core committer to veto a proposal, any "-1" |
| votes (or BDFL vetos) should be accompanied by an explanation that explains |
| what it would take to convert that "-1" into at least a "+0". |
| |
| Whenever possible, these formal votes should be announced and held in |
| public on the `django-developers`_ mailing list. However, overly sensitive |
| or contentious issues -- including, most notably, votes on new core |
| committers -- may be held in private. |
| |
| |
| .. _searching: https://code.djangoproject.com/search |
| .. _custom queries: https://code.djangoproject.com/query |
| .. _django-developers: http://groups.google.com/group/django-developers |
| .. _django-users: http://groups.google.com/group/django-users |
| .. _#django: irc://irc.freenode.net/django |
