Bugzilla vs Trac on cover of Software Test & Performance Mag
Gervase Markham
gerv at mozilla.org
Sun Jan 27 22:40:31 UTC 2008
David Miller wrote:
> Software Test & Performance Magazine (the same place we got the Tester's
> Choice awards from a couple months ago) has an article comparing
> Bugzilla and Trac as the cover story of their February 2008 issue.
>
> http://stpmag.com/
The issue is available for download from the site as a PDF. Here's a
quote from the category in which we beat them (they beat us on Windows
install):
Security is job #1. According to Bug-
zilla’s maintainers: “The current develop-
er community is very much concerned
with the security of your site and your
Bugzilla data. As such, we make every
attempt to seal up any security holes as
soon as possible after they are found.”
As such, a list of the security advi-
sories issued with each release that
included security-related fixes is provid-
ed on the Bugzilla homepage. “This is
almost every version we’ve ever released
since 2.10,” read a statement, indicative
of the recent attention being paid to
security matters.
When I asked the Trac develop-
ment team about its attention to secu-
rity, I got this response: “I cannot give
a complete answer, but what I know is
that we actively look at code we have
from multiple angles to see if there’s a
potential abuse.” I am concerned
about such a lax position toward secu-
rity. In our case, lax security was a deal
breaker. And because of the attention
to security paid by Bugzilla developers
of late, the project’s longevity also
played a major part; they’ve
had more time to fix security
flaws.
Looks like people appreciate our approach to security :-)
Gerv
More information about the developers
mailing list