Boolean Chart Redesign

Bernd Groh bgroh at redhat.com
Tue Jul 20 22:18:19 UTC 2010


Bradley Baetz wrote:
> On Tue, Jul 20, 2010 at 2:35 PM, Bernd Groh <bgroh at redhat.com> wrote:
>   
>> Completely agree. Though I believe people indeed care how they can use the
>> URL in order to query bugzilla. I know a lot of people who don't use the UI,
>> but use the URL directly (me included), and for these people, the easier
>> they can represent a boolean string, the easier it is.
>>     
>
> So this has been a problem pretty much from day one. (Bugzilla used to
> support a URL param of sql=<foo> which it injected directly into the
> query to allow custom 'stuff'. This was not exactly secure (to say the
> least...) and was removed about eight years ago)
>
> The problem with being too generic is that MySQL's query optimiser
> sucks in a lot of respects, especially older versions which many
> people are running. In the boolean charts context, that's most likely
> to be around how MySQL does joins (basically, one index per table per
> query, so joining bugs to too many child tables causes full table
> scans). Its going to need a fair bit of careful design to end up with
> SQL that works well on large DBs.
>   

None of which should have anything to do with the boolean string one may 
like to submit. I wouldn't ever ask to allow for random sql to be 
injected into a query. That's just silly. Yet, people will want to query 
for quite complex configurations that aren't supported by the advanced 
search screen, and right now, aren't even supported or don't work 
properly with the Boolean charts. Right now, there's no way to retrieve 
a list of bugs for some quite valid "states" (state here referring to 
the state in a complex workflow that's determined by, for example, 
status, keyword combinations, flag combinations, a number of custom 
fields, etc.). In a lot of cases, Bugzilla isn't a stand-alone 
application, it's part of an entire workflow toolchain. Some of these 
workflow tools provide a view, and a very specific view, of a very 
particular data set of bugs within a very specific "state", and people 
would like all these applications to link back into bugzilla. And how do 
you link back into bugzilla? Well, with a URL. And no, not with a url 
that contains some random sql, or even should have any effect on the 
resulting sql, but with a url that describes the "state" of the relevant 
bugs in terms of status, keyword combinations, flag combinations, custom 
fields, etc.

Or do you want to tell them that if that's what they need, they probably 
shouldn't use Bugzilla?

Cheers,
Bernd



More information about the developers mailing list