Bugzilla ‘not dead yet’ says project lead – but getting new contributors has challenges

Bugzilla, an open source defect tracking system designed for self-hosting, will be getting updates again after a period of inactivity, according to project lead Dave Miller who said that life changes will give him more time to spend on the project.

Bugzilla in use at the Apache Foundation

In a post to the Bugzilla site, Miller confessed to not having done much for the project over a number of years. “I’ve attempted to hand off control of the project to someone else twice in the last 10 years,” he said, but each time the person got a new job and did not have time to take on Bugzilla as well.

Now he again has time to give to the project and has already fixed some issues with the infrastructure, like the IRC (Internet Relay Chat) bot not working because of out of date SSL libraries. The test suite has been moved too and there is now a private repository for security commits, to avoid exposing these to malicious users before they are released.

The Bugzilla project claims usage by “hundreds of thousands” of organizations, with examples including the Linux kernel (Kernel.org), Apache Foundation, LibreOffice, Apple-sponsored WebKit, FreeBSD, and Oracle. The project originated with Mozilla, which created the first version in-house and released it in 1998. It was ported from TCL to Perl soon after. Miller became project leader in July 2001.

The project’s goals include a tight focus on bug tracking. “While the potential exists in the code to turn Bugzilla into a technical support ticket system, task management tool, or project management tool, we should focus on the task of designing a system to track software defects,” the project site states. It is “free as in freedom and free as in price.”

The release history and plans for Bugzilla are not straightforward. Version 4.4, first released in 2013, is still supported on the grounds that “our support policy says that we have to support it for 4 months after the following two major releases,” and there has only been one later major release so far, though Miller intends that version 4.4.14 will be the last. Then there is a 5.0.4 branch, a 5.1 branch which is “basically dead”, and a 5.2 branch which will be the next major release. Finally there is a 5.9.1 branch, codenamed Harmony, which is currently a developer preview and will become Bugzilla 6.

A complication is that version 5.05 and 5.06 were released in early 2019 in violation of the support policy because they contained “a massive schema change,” Miller said, because of a new release manager unfamiliar with the process. The consequence was that some stayed with the old version. “5.05 should have been called 5.2,” said Miller.

Despite its roster of important users, Bugzilla is no longer the only choice for those in search of a free bug-tracking system. GitHub has quite effective issue management, for example, a generous free tier, and removes the burden of self-hosting. Another difficulty is that Perl is now well down the list of popular languages making it harder to find contributors. Miller is appealing for help with documentation, compliance auditing, and fixing bugs in Bugzilla itself. He also asks for businesses using Bugzilla to consider providing some paid developer time.

“I love Bugzilla … I can’t, however, actually expect or recommend with a straight face that anyone deploy or work on it, considering it’s a foreign codebase written in Perl, so it’s not something I want to do myself, either,” observed a developer on Hacker News.