Upgrade to 0.44.1 broke our site

Antonio Terceiro terceiro at colivre.coop.br
Thu Jul 25 19:17:42 BRT 2013 

On Thu, Jul 25, 2013 at 03:28:20PM -0300, Ewout ter Haar wrote:
> On Thu, Jul 25, 2013 at 3:10 PM, Bráulio Bhavamitra <braulio at eita.org.br> wrote:
> 
> > The magic was actually due to a bug in the code I submitted. I haven't
> > checked for nil or preloaded with a default value. In cirandas this value is
> > not nil, that's why the problem doesnt happen there.
> 
> My question remains: why did the quality control tests not catch it
> before the release went out?

Because no QA in the world is able to catch all problems all the time.
Because no two systems are the same. Stuff that works here will break
elsewhere.

Isn't the whole point of you having a test system to be able to catch
eventual problems that we didn't catch before such problems reach your
production system? Guess what, it works! :-)

If you were to assume that the upstream Noosfero QA process is 100%
effective, you would not have a test system. It's good that you know
better than that.

> > About the escaped html, I still don't get the problem. It seems that the
> > debian rails has a different behaviour than the official rails (2.3.15), the
> > one used in cirandas.
>
> I think Terceiro has some explaining to do. As I understand it, his
> argument for using the debian rails and debian package management
> system is so that administrators can use their debian managements
> skills to mantain their sites. Well, it seems that reality is
> different: twice now an apt-get upgrade broke my site: first when the
> debian rails became incompatible with the debian noosfero (a few
> months ago) and now because the debian noosfero (stable!) just broke
> for some reason.

First, let's recap what broke and made you so angry:

1) a crash caused by a bug that didn't happen in the environment of the
author of the code

We could have had a closer look and spotted the problem before releasing
the code? Yes, we could. But no process is perfect, this one just
slipped.

*This has nothing to do* with which version of Rails is being used or
where it came from.

2) a crash caused by a bug in 2 plugins

As above, this has nothing to do with which Rails version is being used
or where it come from.

3) escaped HTML in a blog. Did it work OK before? Is it a regression?
There was some work on performance issues that touched the blog, that
might have caused a regression.

Now this has something to do with the Rails version. As we already found
out, there are some differences in the behavior of Debian Rails
2.3.5+security patches and the Upstream Rails 2.3.15, specially with
regard to handling the potentially unsafe HTML. We have been working
hard to fix all the problems caused by this, while also trying to
advance to Rails 3. I still believe using APT for managing dependencies
is a good thing, but well, nothing comes with no disadvantages.

I just pushed a fix for the escaped HTML problem. It will be released
with 0.44.2.

By the way, none of these problems were introduced by 0.44.1, a
maintenance release. All of them were introduced between 0.43.0 and
0.44.0, a version with new features, in which one has to expect some
bugs as well. That's just a fact of life; that's why we have test
systems.

> Am I missing something?

You are missing to realize that problems might happen, and when they do
happen, pointing fingers in what is in my opinion a disrespectful way
("WTF, Colivre?", "Terceiro has some explaining to do") does not help
to solve the problem.

Probably it's not your intention to be disrespectful, it's just written
communication failing miserably at transmitting mood. But being called
out in public like that is no fun, and quite demotivating.

For us to have a healthy community, we need not only to be professional
(which I believe we all are), but we also must look professional in our
communication.

If there are problems, let's work together on fixes, and discuss how we
can avoid the same type of problem happening in the future. For example
I think we must put a policy to not allow any plugins without at least
one functional or acceptance test.

-- 
Antonio Terceiro <terceiro at colivre.coop.br>
Colivre - Cooperativa de Tecnologias Livres
http://www.colivre.coop.br/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20130725/2daaf8df/attachment.pgp>

More information about the Noosfero-dev mailing list