Bugzilla vs Trac on cover of Software Test & Performance Mag

Gervase Markham gerv at mozilla.org
Sun Jan 27 22:40:31 UTC 2008

David Miller wrote:
> Software Test & Performance Magazine (the same place we got the Tester's 
> Choice awards from a couple months ago) has an article comparing 
> Bugzilla and Trac as the cover story of their February 2008 issue.
> http://stpmag.com/

The issue is available for download from the site as a PDF. Here's a 
quote from the category in which we beat them (they beat us on Windows 

                   Security is job #1. According to Bugzilla’s maintainers:
                   “The current developer community is very much concerned
                   with the security of your site and your Bugzilla data. As
                   such, we make every attempt to seal up any security holes
                   as soon as possible after they are found.”
                       As such, a list of the security advisories issued with
                   each release that included security-related fixes is
                   provided on the Bugzilla homepage. “This is almost every
                   version we’ve ever released since 2.10,” read a statement,
                   indicative of the recent attention being paid to security
                   matters.
                       When I asked the Trac development team about its
                   attention to security, I got this response: “I cannot give
                   a complete answer, but what I know is that we actively look
                   at code we have from multiple angles to see if there’s a
                   potential abuse.” I am concerned about such a lax position
                   toward security. In our case, lax security was a deal
                   breaker. And because of the attention to security paid by
                   Bugzilla developers of late, the project’s longevity also
                   played a major part; they’ve had more time to fix security

Looks like people appreciate our approach to security :-)

