Eclipse Community Survey 2010

June 12th, 2010

The results of the Eclipse Community Survey 2010 have recently been released. A summary of the findings is available in the Open Source Developer Report 2010. This survey of the Eclipse community is an interesting insight into software development and the trends which are taking place.

Most relevant to the MantisBT project is the question concerning whether developers are using change management systems (bug trackers) and if so, which software they are using. It’s interesting to note that 21.8% of respondents don’t use a change management system for their software projects (compared to 22.7% in 2009). Approximately 15% of respondents stated that they work alone on their projects (as opposed to working in a team based environment). This perhaps explains one of the reasons why such a large proportion of respondents don’t use change management systems (it’s overkill for many small solo projects).

Atlassian’s proprietary JIRA software is the most widely used change management system amongst respondents (16.3% compared to 17% in 2009). The open source Bugzilla project is almost equally popular (15.3% compared to 17% in 2009). Trac (10.3% compared to 7.2% in 2009) and MantisBT (9.1% compared to 5.3% in 2009) are the other two popular change management systems in use amongst those surveyed. It’s interesting to note that 6.1% (compared to 8.4% in 2009) of respondents stated that they use a custom or in-house change management system as opposed to making use of existing software. Redmine, HP Quality Center and IBM Rational ClearQuest were each used by approximately 2% of respondents. The remaining few percentage points were split across a wide array of change management systems, most with only a few users each from the 1700 survey respondents. Whilst there exists a vast range of change management systems to choose from, it’s clear that developers prefer to select from just four options – JIRA, Bugzilla, Trac and MantisBT. There doesn’t appear to be a trend towards developers breaking away from these four leaders.

It’s exciting to see that the number of respondents using MantisBT as their primary change management system has almost doubled from 2009 to 2010. If you’ve switched to using MantisBT in the past year, we’d be very interested in hearing from you the reasons why you selected MantisBT over other software. This feedback allows us to focus our attention towards improving the MantisBT features which are in most demand by our users.

Ian Skerrett has additional interesting observations on trends that have been occurring throughout the years this survey has been conducted. In 2007, 20% of developers surveyed were using Linux as their primary development operating system. That figure increased to 26.9% in 2009 and has again increased to 32.7% in 2010. The number of developers using Windows as their primary development system decreased from 73.8% in 2007 to 64.3% in 2009. In the past year this figure has further declined to 58.3%. It is also worth noting that Mac OS X usage increased from 3.5% in 2007 to 7.9% in 2010.

An interesting observation to add to Ian’s analysis is the trend in the response to the question regarding the primary target operating system for deployment of software. In 2007, 37% of respondents stated that their primary target platform was Linux. This figure increased in 2009 to 42.7% and again increased in 2010 to 46%. These gains have come at the expense of the Windows platform, which fell from 47% in 2007 to 40.5% in 2009. The number of respondents who target their software towards Windows remained steady in 2010 at 41%.

One could attempt to explain the trend towards Linux as a movement of Windows platform developers away from the Eclipse community while simultaneously seeing gains in the number of Linux developers joining the community. The popularity of .NET over Java in recent times is one hypothesis to consider. However, this explanation appears to be flawed on the basis that the target platform market share for Windows and Linux remained steady from 2009 to 2010 while a large number of developers switched from using Windows to Linux as their primary development environment.

The use of distributed version control systems has also increased in the past year. Git’s usage has increased from 2.4% to 6.8% and Mercurial’s usage has increased from 1.1% to 3%. These gains have come at the expense of CVS, down from 20% in 2009 to 12.6% in 2010. Subversion is still the most widely used version control system with 58.3% market share amongst developers surveyed (up slightly from 57.5% in 2009). It’s worth referring back to a blog post about version control system integration within MantisBT to note that the SourceIntegration plugin allows for easy integration of version control systems with MantisBT. We already have Git and Subversion integration in place and Mercurial integration will be ready shortly. For the 13% of survey respondents who use other version control systems, writing a SourceIntegration plugin for MantisBT is quite simple as the common framework is already in place. The removal of the legacy CVS integration feature from 1.3.x should have limited impact on MantisBT users due to the rapidly diminishing market share of CVS. Developing a CVS SourceIntegration plugin is quite straightforward anyway for developers who are still lagging behind on the VCS front.

Also worth noting from the survey results is that developers are widely split on which development methodology to use. 25% of developers surveyed don’t identify themselves as using a formal development methodology. The most popular development methodology used by respondents is Scrum at 15.4%, followed by Iterative Development at 10.9%. It’s interesting to see that the next largest response was “Don’t know” at 7.8%, potentially indicating that many developers lack formal education in the field of software engineering. Some of the remaining development methodologies in use by respondents include Agile (6.4%), Extreme Programming (6.1%), Test Driven Development (5.2%) and Waterfall (5.1%).

In terms of a change management system such as MantisBT, it’s important that the system can be adapted and configured to work within the development methodologies of each development team. Developers don’t want to be forced into using formal development methodologies. When a formal development methodology is used, it’s quite likely that it’ll need to be customised heavily for each development team and project. MantisBT has a very strong focus on being highly customisable. This level of customisability was further enhanced with the 1.2.0 release of MantisBT earlier this year adding plugin support. A wide array of plugins have already been developed to address the needs of individual MantisBT users. Examples of plugins that are likely going to be in high demand for MantisBT users are project management tools (charts, reports, etc) for Scrum and Agile methodologies as well as patch review functionality and test system integration for methodologies such as Test Driven Development.

I encourage you to have a look through the detailed survey responses (the raw data is also quite useful) for more insights into the current state of software development and the trends which are most interesting with respect to the MantisBT project. Previous data is available for the 2009 survey as well as the 2007 survey. Perhaps you’ll find some interesting trends that I’ve missed? Maybe you will find some inspiration to comment on your ideas for the future direction of the MantisBT project?

Clickjacking protection in MantisBT 1.2.1

April 25th, 2010

Mantis Bug Tracker 1.2.1 includes initial support for X-Frame-Options and X-Content-Security-Policy. These two browser security features aim to protect users against clickjacking attacks. If you’re unfamiliar with clickjacking, this presentation by Paul Stone at Black Hat EU 2010 provides an introduction to the topic. Essentially these options prevent a MantisBT site from being embedded within an IFrame on another website.

X-Frame-Options is supported in the latest versions of Internet Explorer, Opera, Safari and Chrome. If you’re using Firefox, you’ll need to install the NoScript extension to gain support for X-Frame-Options. However, Firefox 3.7 (currently under development) will support a more advanced security system called Content Security Policy (CSP). Where X-Frame-Options lets you toggle framing between on and off states, CSP lets you define rules for which domains are allowed to frame your MantisBT installation. CSP goes beyond providing just clickjacking protection and will also block data (images, scripts, etc) that is hosted on a different domain. Again, rules can be configured to allow data to be loaded from external domains if necessary. This feature is useful as an added layer of security against cross site scripting (XSS) attacks as an attacker can no longer load scripts or data from malicious websites.

At the moment there are no configuration options within MantisBT to disable this new clickjacking protection. If you know what you’re doing and understand the clickjacking threat to your MantisBT installation you can disable or reconfigure the clickjacking protection within core/http_api.php. If you want to insert your MantisBT installation within an IFrame from a page on the same domain (for instance, bugs.yourname.com contains an IFrame which loads bugs.yourname.com/mantisbt/) then you will need to change the http_security_headers() function as follows:

Find:

header( 'X-Frame-Options: DENY' );

Replace:

header( 'X-Frame-Options: SAMEORIGIN' );

Find:

header( "X-Content-Security-Policy: allow 'self'; options inline-script eval-script$t_avatar_img_allow; frame-ancestors 'none'" );

Replace:

header( "X-Content-Security-Policy: allow 'self'; options inline-script eval-script$t_avatar_img_allow; frame-ancestors 'self'" );

If you want to load your MantisBT installation in an IFrame from a different domain then you’ll need to comment out (place two forward slashes in front of) this line:

header( 'X-Frame-Options: DENY' );

You’ll then also need to make the following change where somewhere.yourdomain.com is the domain containing the page which loads MantisBT within an IFrame:

header( "X-Content-Security-Policy: allow 'self'; options inline-script eval-script$t_avatar_img_allow; frame-ancestors somewhere.yourdomain.com " );
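A way to check that an edited http_security_headers() still sends the framing policy you intended. This is an added example, not MantisBT code: the function names and sample responses are constructed, $t_avatar_img_allow is assumed to expand to nothing, and accepting the unprefixed Content-Security-Policy header name goes beyond what this post covers.

```python
# Added example: classify the framing policy carried by a set of response headers.
# Header names and values follow the post; the sample responses are constructed.
CSP_HEADERS = ("x-content-security-policy", "content-security-policy")

def parse_headers(raw):
    """Parse raw 'Name: value' lines into {lower-cased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def xfo_value(headers):
    """Return 'DENY', 'SAMEORIGIN', 'OTHER' (conflicting/unrecognised) or None."""
    values = {v.upper() for v in headers.get("x-frame-options", [])}
    if not values:
        return None
    if len(values) == 1 and values <= {"DENY", "SAMEORIGIN"}:
        return values.pop()
    return "OTHER"

def ancestors_value(headers):
    """Return 'none', 'self', 'allowlist' or None for the frame-ancestors directive."""
    for name in CSP_HEADERS:
        for policy in headers.get(name, []):
            for directive in policy.split(";"):
                tokens = directive.lower().split()
                if tokens and tokens[0] == "frame-ancestors":
                    sources = tokens[1:]
                    if sources in ([], ["'none'"]):
                        return "none"
                    if sources == ["'self'"]:
                        return "self"
                    return "allowlist"
    return None

def framing_report(raw):
    """Return (x_frame_options, frame_ancestors, verdict) for raw header text."""
    headers = parse_headers(raw)
    xfo, anc = xfo_value(headers), ancestors_value(headers)
    if xfo is None and anc is None:
        verdict = "unprotected"
    elif anc is None:
        verdict = "xfo-only"
    elif xfo is None:
        verdict = "csp-only"  # nothing for browsers that only honour X-Frame-Options
    else:
        expected = {"DENY": "none", "SAMEORIGIN": "self"}.get(xfo)
        verdict = "consistent" if expected == anc else "inconsistent"
    return xfo, anc, verdict

CSP_BASE = "X-Content-Security-Policy: allow 'self'; options inline-script eval-script; "
SAMPLES = {  # constructed responses mirroring the edits described in the post
    "default": "HTTP/1.1 200 OK\nX-Frame-Options: DENY\n" + CSP_BASE + "frame-ancestors 'none'",
    "same_origin": "X-Frame-Options: SAMEORIGIN\n" + CSP_BASE + "frame-ancestors 'self'",
    "half_edited": "X-Frame-Options: SAMEORIGIN\n" + CSP_BASE + "frame-ancestors 'none'",
    "cross_domain": CSP_BASE + "frame-ancestors somewhere.yourdomain.com",
    "stripped": "HTTP/1.1 200 OK\nContent-Type: text/html",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, framing_report(raw))
```

The csp-only verdict corresponds to the cross-domain configuration: with the X-Frame-Options line commented out, browsers that honour only X-Frame-Options receive no framing restriction at all. The inconsistent verdict catches the case where only one of the two Find/Replace edits was applied.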

As mentioned earlier, CSP also restricts the domains from which you can load external content (images, scripts, etc). If you’ve written any custom plugins for MantisBT that load data in the browser from different domains (and if your users are using Firefox 3.7 beta) then you’ll need to read the CSP specifications and add the required headers within the http_security_headers() function within http_api.php.

The addition of these clickjacking prevention measures to MantisBT 1.2.1 helps keep your MantisBT installation secure against the “latest” (clickjacking has been around for years already) web application attacks. We hope to enhance this protection in future versions of MantisBT as these experimental browser clickjacking specifications are further developed. MantisBT 1.2.0 includes robust cross site request forgery (CSRF) protection and many improvements to preventing cross site scripting (XSS) attacks (including cookie protection with the HttpOnly flag). If you’re still using MantisBT 1.1.8 or an earlier version you are strongly encouraged to upgrade to MantisBT 1.2.1 to ensure that your bug tracker(s) are properly secured.

MantisBT 1.2.1 Released

April 23rd, 2010

Hi all,

MantisBT 1.2.1 is a maintenance update for the stable 1.2.x branch. All
installations that are currently running any 1.1.x or 1.2.0 version are
advised to upgrade to this release.

Included with 1.2.1 are a range of bug fixes, translation updates, and general
improvements over the initial 1.2.0 release.  Highlights include an improved
installation, a fixed upgrade path from 1.1.x, fixes to the URL and path
detection, and updates to the plugin event system.

The release changelog can be found at:
   - http://www.mantisbt.org/bugs/changelog_page.php?version_id=109

It can be downloaded at:
   - http://www.mantisbt.org/download.php

Cheers

Preselection of next highest value in “Change status to” dropdown

April 1st, 2010

The “Change status to” dropdown on the view issue page used to select the first option in the list as the default. Choosing the default value in this way isn’t particularly useful because workflow states usually progress rather than regress. The dropdown default value used to look something like this:

Change status to dropdown (before)

Recently this behaviour was improved so that the default value of the “Change status to” dropdown is selected as the next available status beyond the current status. For example, if the current status was “feedback” the default value is now “acknowledged” instead of “new”:

Change status to dropdown (after)

If no higher status is selectable then the highest available status will be selected.

You can expect this minor change in the next minor 1.2.1 release of MantisBT.

Source code repository integration with MantisBT 1.3.x

March 31st, 2010

The built-in source code repository integration feature from the days of MantisBT 1.1.x has been removed in MantisBT 1.3.x. This feature is superseded by the SourceIntegration plugin available for use with MantisBT 1.2.0 and later versions. The old in-built system had very limited capabilities and hadn’t been properly maintained for some time.

SourceIntegration is a set of plugins developed by John Reese (MantisBT developer) which allows you to integrate your MantisBT instance with multiple source code repositories at the same time. Currently supported version control systems include Subversion, WebSVN, SourceForge SVN hosting, Gitweb and Github.

The main benefit of SourceIntegration is the modular design which allows you to quickly and effortlessly integrate MantisBT with different version control systems. A new plugin for HgWeb (Mercurial) support took around 2 hours to create inclusive of the learning curve of becoming familiar with how SourceIntegration works. You can expect this plugin and more to become available with future versions of SourceIntegration.

The official MantisBT bug tracker has been using the SourceIntegration plugin for months without issue. The reason you’ve been seeing prefixes such as “Fix #123456:” and “Issue #234567:” in commit messages is that SourceIntegration automatically links commits with bugs on the official tracker where one (or more) of those prefixes exists.

If you have any problems with SourceIntegration or would like to submit patches, please report your issues at John’s plugin bug tracker instead of at the official MantisBT bug tracker.

You are strongly urged to migrate from the old in-built system to SourceIntegration if you haven’t done so already. As of MantisBT 1.3.0 the in-built system will no longer exist (you won’t lose historical data however).

SourceForge Project of the Month

March 31st, 2010

MantisBT has been named SourceForge Project of the Month for April 2010. The POTM blog post on SourceForge includes developer responses to an interview on topics relating to the MantisBT project and the wider open source community. In particular you may be interested to read the developer responses on the future direction of MantisBT and ways in which you can get involved.

The MantisBT project has been using SourceForge since the year 2000 (over 10 years) for distribution of releases and operation of mailing lists. In previous years the MantisBT project has used the CVS and Subversion repository hosting features of SourceForge.

We would like to thank SourceForge for their commitment to assisting open source projects of all sizes over the past decade.

MantisBT 1.2.0 Released

February 22nd, 2010

MantisBT Release Notes

1.2.0 Stable Release
-------------------------------------------------

This release marks the first official release in the 1.2.x series of MantisBT.
1.2.0 is a major feature release for MantisBT, and includes many bugfixes and
enhancements over the 1.1.x stable branch.  All users of 1.1.x are highly
encouraged to upgrade as soon as possible.

A full changelog for the 1.2.x series can be found on the official site. [1]

There are many new features added to 1.2.0, including:

 - Converted the MantisBT Manual to Docbook format, and added a new Developer's
   Guide manual, both of which are compiled and included in every release

 - Implemented a plugin system with many plugins already released [2]

 - Global categories available to all projects, as well as project categories
   inheriting from parent projects to child projects;  both are optional

 - Tracked change history for textarea fields (Description, etc) and bug notes

 - Customizable sets of columns for View Issues page and export formats

 - Combined simple and advanced views into a single, configurable view that
   allows selecting exactly what fields to show or hide

 - Improved roadmap and changelog pages, including version release dates, and
   permalinks to individual versions

 - Marking versions as obsolete to hide them from the roadmap and changelog

 - More configuration options for rebranding MantisBT installations

 - Improved support for PostgreSQL databases

 - Improved support for UTF-8 localizations and content

 - Implemented custom search providers for Firefox and Internet Explorer

 - Implemented localized timestamps according to user-preferred timezones

There have also been many improvements to the codebase beyond adding features:

 - Migrated to parameterised database queries throughout the codebase for both
   performance and security improvements

 - Added PHPDoc compatible documentation to all internal APIs

 - Removed many hardcoded references to access levels and other enumerations,
   for improved customizability.

 - Migrated away from DATETIME fields to integer timestamps for timezone usage

 - All 3rd party code is now contained within the library/ path, including
   documentation on library versions and any patches applied

 - Initial support for MySQL 6 and PHP 5.3

[1] The changelog is split between multiple releases:

    1.2.0a1    http://www.mantisbt.org/bugs/changelog_page.php?version_id=89
    1.2.0a2    http://www.mantisbt.org/bugs/changelog_page.php?version_id=96
    1.2.0a3    http://www.mantisbt.org/bugs/changelog_page.php?version_id=104
    1.2.0rc1   http://www.mantisbt.org/bugs/changelog_page.php?version_id=98
    1.2.0rc2   http://www.mantisbt.org/bugs/changelog_page.php?version_id=106
    1.2.0      http://www.mantisbt.org/bugs/changelog_page.php?version_id=108

[2] MantisForge is now the preferred code collaboration site for MantisBT,
    including free hosting of MantisBT-related Git repositories for development
    of contributions to MantisBT itself or community plugins.

    http://git.mantisforge.org/

MantisBT 1.2.0rc2 Release Candidate 2

October 7th, 2009

MantisBT Release Notes

1.2.0 Release Candidate 2
-------------------------------------------------

This release marks the second “stable” release in the 1.2.x series of MantisBT. The 1.2.x series is now officially feature complete, and this build is ready for official testing in non-critical installations. This release is a good representation of a final 1.2.0 build.

A full changelog for the 1.2.x series can be found on the official site. [1]

There are many new features added to 1.2.x, including:

  • Converted the MantisBT Manual to Docbook format, and added a new Developer’s Guide manual, both of which are compiled and included in every release.
  • Implemented a plugin system with many plugins already released [2]
  • Global categories available to all projects, as well as project categories inheriting from parent projects to child projects; both are optional
  • Tracked change history for textarea fields (Description, etc) and bug notes
  • Customizable sets of columns for View Issues page and export formats
  • Combined simple and advanced views into a single, configurable view that allows selecting exactly what fields to show or hide
  • Improved roadmap and changelog pages, including version release dates, and permalinks to individual versions
  • Marking versions as obsolete to hide them from the roadmap and changelog
  • More configuration options for rebranding MantisBT installations
  • Improved support for PostgreSQL databases
  • Improved support for UTF-8 localizations and content
  • Implemented custom search providers for Firefox and Internet Explorer
  • Implemented localized timestamps according to user-preferred timezones

There have also been many improvements to the codebase beyond adding features:

  • Migrated to parameterised database queries throughout the codebase for both performance and security improvements
  • Added PHPDoc compatible documentation to all internal APIs
  • Removed many hardcoded references to access levels and other enumerations, for improved customizability
  • Migrated away from DATETIME fields to integer timestamps for timezone usage
  • All 3rd party code is now contained within the library/ path, including documentation on library versions and any patches applied
  • Initial support for MySQL 6 and PHP 5.3

[1] The changelog is split between multiple releases:

[2] MantisForge is now the preferred code collaboration site for MantisBT, including free hosting of MantisBT-related Git repositories for development of contributions to MantisBT itself or community plugins.

MantisBT 1.2.0rc1 Release Candidate 1

June 23rd, 2009

MantisBT Release Notes

1.2.0 Release Candidate 1
-------------------------------------------------

This release marks the first “stable” release in the 1.2.x series of MantisBT. The 1.2.x series is now officially feature complete, and this build is ready for official testing in non-critical installations. This release is a good representation of a final 1.2.0 build.

A full changelog for the 1.2.x series can be found on the official site. [1]

There are many new features added to 1.2.x, including:

  • Converted the MantisBT Manual to Docbook format, and added a new Developer’s Guide manual, both of which are compiled and included in every release.
  • Implemented a plugin system with many plugins already released [2]
  • Global categories available to all projects, as well as project categories inheriting from parent projects to child projects; both are optional
  • Tracked change history for textarea fields (Description, etc) and bug notes
  • Customizable sets of columns for View Issues page and export formats
  • Improved roadmap and changelog pages, including version release dates, and permalinks to individual versions
  • Marking versions as obsolete to hide them from the roadmap and changelog
  • More configuration options for rebranding MantisBT installations
  • Improved support for PostgreSQL databases
  • Improved support for UTF-8 localizations and content
  • Implemented custom search providers for Firefox and Internet Explorer
  • Implemented localized timestamps according to user-preferred timezones

There have also been many improvements to the codebase beyond adding features:

  • Migrated to parameterised database queries throughout the codebase for both performance and security improvements
  • Added PHPDoc compatible documentation to all internal APIs
  • Removed many hardcoded references to access levels and other enumerations, for improved customizability.
  • Migrated away from DATETIME fields to integer timestamps for timezone usage
  • All 3rd party code is now contained within the library/ path, including documentation on library versions and any patches applied

As usual, downloads can be found on the download page:
http://www.mantisbt.org/download.php

[1] The changelog is split between multiple releases:

[2] MantisForge is now the preferred code collaboration site for MantisBT, including free hosting of MantisBT-related Git repositories for development of contributions to MantisBT itself or community plugins.

Cheers

MantisBT 1.1.8 Released

June 8th, 2009

MantisBT 1.1.8 is a maintenance update for the stable 1.1.x branch. All installations that are currently running any 1.1.x release are advised to upgrade to this release.

This is the final release of the 1.1.x series, and fixes a few small bugs and translation issues. A release candidate for 1.2.0 will be made available within the very near future, and development on the 1.1.x series will be halted as of now, barring any major issues before the final release of 1.2.0.

The release changelog can be found at:
http://www.mantisbt.org/bugs/changelog_page.php?version_id=105

It can be downloaded at:
http://www.mantisbt.org/download.php

Cheers