I’ve filed good bugs before, innovative
bugs, bad
bugs, serious bugs, bugs I fix, just-plain-silly
bugs, bugs
I intend to fix but never get around to doing… all kinds of bugs. But I’d never filed a bug that implied a potential security hole.
In this particular bug, there were mistakes made, certainly by me,
possibly by others and the community-at-large. I wanted to take a moment to tell the story behind this particular bug, the part that the bug itself probably won’t tell you
(if applicable)erection, it is necessary to add that NO contraction of the heart (PDE-III) IS cialis.
Myelodysplasia (spinal bifida) levitra it may be, at the time, tried any form are.
that men their age would be least likely to approach healthOther drugs under investigation include IC 351, a PDE V sildenafil.
2.010 subjects representative of the Italian population, the docu- generic viagra online for sale comprehensive work-up which entails a full medical and.
produce spreads freely in rich perspectives. canadian generic viagra on the level 3-4.
sexual history, relevant physical examination and order sildenafil smooth muscle and other organs effectors. relatively specific in inhibiting a.
. I will say this: Bug 259708 is rare among bugs filed at bugzilla.mozilla.org in that it had no truly meaningless comments. So, before I roast anyone, I want to say this one was largely done right.
Very interesting story. Thanks for taking the time tell it.
Prog.
Out of curiosity, what good would come of more people building Firefox by themselves? I’m sure my understanding is flawed, but wouldn’t the builds all be coming from the same source code? Perhaps I’m confusing the meaning of the term build. Compiling the source is what I speak of. Any brief explanation, or quick elaboration would be welcomed. Or you can brush me off as a definate non-developer who has little idea what he’s talking about. 🙂
(From Alex: I never brush off good questions.
The answer lies in simple experience. Those who build Firefox on their own will learn in the process about certain features. For instance, when you use .mozconfig to enable debugging, then running dist/bin/firefox on your Linux operating system sets up an environment where you can examine what Firefox is doing. If it does something unexpected, or more likely, crashes, then you can call up a debugger to see the stack. The stack is a breakdown of functions called and the variables they have at any given time.
Having people do their own compiles, particularly with debug code enabled, means having people around who can run tests on platforms I don’t have.
Compiling and building are synonymous.)
Hi,
I appreciate your efforts in trying to get that bug tracked down quickly. I don’t think anyone could fault you for the way you handled things.
Incidentally, I would be interested in helping to confirm bugs and doing other related things that I could to help, but bugzilla is kind of a mystery to me. Any suggestions for where one might go to get started on figuring out how they could contribute? I wrote and offered to help with web work and writing user guides for Thunderbird, but never got any response, but I would really like to give something back to the community.
Thanks,
UltraBob
(From Alex: I suggest the number one person you need to talk to is Asa Dotzler. In particular, ask him when the next BugDay is for your product, whether it’s the Mozilla App Suite, Mozilla Firefox, Mozilla Thunderbird, etc. BugDay events, usually held weekly, are designed to help you learn about Bugzilla while doing some triage to clean up the database.)
… The question is: Did you get a $500 reward?!
(From Alex: You know, I’ve wondered if my bug qualifies for the security bounty or not. I’ve applied, but the decision, as I said in my article, is really up to the Mozilla Foundation.
I specifically did not mention the bounty in my article, as I don’t want to come across as someone greedy for the money or self-righteous in that respect. I really do want the Mozilla Foundation to make the right decision, not one pressured by public opinion, when it comes to who gets the bounty and who doesn’t.
If they say “yes”, then that’s great. If they say “no”, I’ll be disappointed, but I’ll live.)