User:Jproseve/TriageProposal

From openSUSE

Initial Triage Steps

Applies while bug is in UNCONFIRMED state

• Bug does not have all information as per http://en.opensuse.org/Bugs
  • NEEDINFO for required information
  • Next bug

• Confirm bug severity
  • Continue to review bug

• Estimate and set bug priority
  • Continue to review bug

• Apply Defect Review Steps
  • If bug is resolved during these steps Next bug

• Assign bug to real person
  • Mark bug as NEW
  • Next bug

FIXME: Can we allow setting of priority in the community users (as opposed to developers)? - bug voting?

Initial Triage Synopsis

1. Figure out the priority/severity of the bug
2. Close it if you can
3. Get all the relevant information you can and mark it NEW

Defect Review Steps

• Bug in NEEDINFO state but has a response
  • Remove NEEDINFO flag
  • Continue to review bug

• Bug in NEEDINFO state for someone outside the openSUSE developer community for more than 4 weeks
  • Add comment that states "No reply in more than 4 weeks. Please reopen if you are able to provide the requested information"
  • Close as RESOLVED/NORESPONSE
  • Next bug

• Bug is priority P3-P4 or enhancement in any released openSUSE and is fixed in most current openSUSE release
  • Add a comment that states what product it is fixed in
  • Close as RESOLVED/FIXED
  • Next bug

• Bug is priority of P2-P4 and in a package no longer shipped in current openSUSE releases
  • Add a comment that states for what product the package was dropped
  • Close as RESOLVED/WONTFIX
  • Next bug

• Bug is how something works by design, is not coherent enough, etc
  • Close as RESOLVED/INVALID
  • Next bug

• Bug is present in upstream code
  • Search for the bug upstream and if not filed, file it upstream
    • Add a link to our downstream bug in the upstream bug
    • CC a team member in the upstream bug
  • Add the should_go_upstream keyword
  • Add a comment that includes the link to the upstream
  • Enter the link to the upstream bug in the URL field
  • Continue to review bug

• Bug is marked should_go_upstream and is priority P3-P4 or enhancement in the UI of a package maintained exclusively or near exclusively upstream
  • Close as RESOLVED/REMIND
  • Next bug

• Bug is marked should_go_upstream and is priority P3-P4 or enhancment and it is for a package that we don't install by default
  • Close as RESOLVED/REMIND
  • Next bug

• Bug is marked should_go_upstream and is priority P4 or enhancement in a package maintained exclusively upstream
  • Close as RESOLVED/REMIND
  • Next bug

• Bug is open for a non-current product and is P3-P4 or enhancement
  • Mark the OS field with the distribution filed against
  • Set the product to the next shipping product

Defect Review Synopsis

1. Close bugs NEEDINFO'd externally for more than 4 weeks
2. Close lower priority bugs if it's fixed in newer distributions
3. Upstream the bug if you can and keep it open if it's higher priority, close as RESOLVED/REMIND otherwise
4. Move non-high priority bugs to the next distribution

Defect Correction Steps

Prioritization

• Fix each priority level in order P0-P4 in descending order of severity
• P1 bugs supersede all mandatory feature work
• P2 bugs supersede important and desirable features
• P3 and P4 bugs supersede desirable features and should be fixed only after beta 1

Bug States

• Bug is actively being worked on
  • Set state to ASSIGNED
• Bug fix is submitted to appropriate product
  • Set appropriate fixed in milestone
  • Mark RESOLVED/FIXED
• Bug fix is verified by QA
  • Set state to VERIFIED
• Bug fix is shipped in product
  • Set state to CLOSED

Defect Correction Synopsis

1. Always work on P0-P1 immediately
2. Fix each priority level in order P0-P4 in descending order of severity
3. Set the bug to ASSIGNED when its being worked on
4. Close it when the fix is submitted to autobuild

Defect Management Reference

Bug Severities

Blocker

• Prevents developers or testers from performing their jobs. Impacts the development process.
• (Documentation) Key documentation is missing for critical testing and review.
• (Security) An issue that blocks the completion of an SRB architecture and/or export review.

Examples:

• Unable to login
• Unable to performance certification tests
• Unable to update system

Critical

• Crash, loss of data, corruption of data, severe memory leak.
• (Documentation) prescribes or doesn't warn against actions that cause data loss or corruption.
• (Security) A CVSS base score of 5.0 - 10.0 is a critical defect.

Examples:

• Crash that is repeatable and evident to multiple users
• Memory leaks that lead to OOM errors during average use in one week or less

Major

• Major loss of function, as specified in the product requirements for this release, or existing in the current product.
• (Documentation) missing, misleading, inaccurate, or contradictory information to the degree that by following the documentation successful completion of fundamental tasks is unlikely.
• (Security) A CVSS base score of 2.5 - 4.99 is a major defect..

Examples:

• Prevents mandatory feature from working properly
• Feature regression from previous release

Normal

• Non-major loss of function.
• (Documentation) missing, misleading, inaccurate, or contradictory information in the documentation, but successful task completion is probable.
• (Security) A CVSS base score of 1.0 – 2.49 is a normal defect.

Examples:

• Prevents important or desirable feature from working properly

Minor

• Issue that can be viewed as trivial (e.g. cosmetic, UI, easily documented).
• (Documentation) contains stylistic or formatting issues, but functionality is not hindered.
• (Security) A CVSS base score of 0 – 0.99 is a minor defect.

Examples

• String typo

Bug Priorities

P0 - CritSit

This priority is for internal Novell use only

P1 - Urgent

Use this priority for urgent issues

Examples:

• Blocker: Generally is a P1
• Critical: Nautilus crashing while opening a file for all x86_64 installations
• Major: Fingerprint support authenticates regardless of the fingerprint swipes
• Normal: Package management log does not get rotated (will get large fast)
• Minor: SLED is misspelled in bootsplash

P2 - High

Use this priority for mandatory defects, enhancements, and work items. That is, for items that must be resolved in this release.

Examples:

• Critical: Nautilus crashing while opening a file for all x86_64 installations over ssh
• Major: Fingerprint support (mandatory feature) does not work with gnome-screensaver
• Normal: Package management system is not able to lock packages with regular expressions (but rug parity is needed)
• Minor: Notification about potential security issue is obscured on screen

P3 - Medium

Use this priority for desirable defects, enhancements, and work items. That is, for items we would like to fix, but we won't hold shipment for them.

Examples:

• Critical: Nautilus crashing while opening a file ssh for certain non-default configurations
• Major: Fingerprint support (mandatory feature) does not work with sudo
• Normal: Package management system is does not display correct progress
• Minor: Notifications do not wrap text properly and can be cut off sometimes

P4 - Low

Use this priority for optional defects, enhancements, and work items. This priority is not as strong as desirable.

Examples:

• Critical: Nautilus crashing while opening a file ssh for particular user with a provided backtrace
• Major: Fingerprint support (mandatory feature) does not work with sudo for users with complex configurations
• Normal: Package management system does not show correct icon for enhancement updates
• Minor: Notifications do not have the correct icon sometimes

P5 - None

Indicates that a priority has not been assigned.