Reporting bugs and requesting features
Before reporting a bug or requesting a new feature, please consider these
general points:
- Check that someone hasn’t already filed the bug or feature request by
searching or running custom queries in the ticket tracker.
- Don’t use the ticket system to ask support questions. Use the
django-users list or the #django IRC channel for that.
- Don’t reopen issues that have been marked “wontfix” by a core developer.
This mark means that the decision has been made that we can’t or won’t fix
this particular issue. If you’re not sure why, please ask
on django-developers.
- Don’t use the ticket tracker for lengthy discussions, because they’re
likely to get lost. If a particular ticket is controversial, please move the
discussion to django-developers.
Reporting bugs
Well-written bug reports are incredibly helpful. However, there’s a certain
amount of overhead involved in working with any bug tracking system so your
help in keeping our ticket tracker as useful as possible is appreciated. In
particular:
- Do read the FAQ to see if your issue might
be a well-known question.
- Do ask on django-users or #django first if you’re not sure if
what you’re seeing is a bug.
- Do write complete, reproducible, specific bug reports. You must
include a clear, concise description of the problem, and a set of
instructions for replicating it. Add as much debug information as you can:
code snippets, test cases, exception backtraces, screenshots, etc. A nice
small test case is the best way to report a bug, as it gives us an easy
way to confirm the bug quickly.
- Don’t post to django-developers just to announce that you have
filed a bug report. All the tickets are mailed to another list,
django-updates, which is tracked by developers and interested
community members; we see them as they are filed.
To understand the lifecycle of your ticket once you have created it, refer to
Triaging tickets.
Reporting security issues
Важно
Please report security issues only to security@djangoproject.com.
This is a private list only open to long-time, highly trusted Django
developers, and its archives are not publicly readable.
In the event of a confirmed vulnerability in Django itself, we will take the
following actions:
- Acknowledge to the reporter that we’ve received the report and that a
fix is forthcoming. We’ll give a rough timeline and ask the reporter
to keep the issue confidential until we announce it.
- Focus on developing a fix as quickly as possible and produce patches
against the current and two previous releases.
- Determine a go-public date for announcing the vulnerability and the fix.
To try to mitigate a possible “arms race” between those applying the
patch and those trying to exploit the hole, we will not announce
security problems immediately.
- Pre-notify third-party distributors of Django (“vendors”). We will send
these vendor notifications through private email which will include
documentation of the vulnerability, links to the relevant patch(es), and
a request to keep the vulnerability confidential until the official
go-public date.
- Publicly announce the vulnerability and the fix on the pre-determined
go-public date. This will probably mean a new release of Django, but
in some cases it may simply be patches against current releases.
Reporting user interface bugs and features
If your bug or feature request touches on anything visual in nature, there
are a few additional guidelines to follow:
- Include screenshots in your ticket which are the visual equivalent of a
minimal testcase. Show off the issue, not the crazy customizations
you’ve made to your browser.
- If the issue is difficult to show off using a still image, consider
capturing a brief screencast. If your software permits it, capture only
the relevant area of the screen.
- If you’re offering a patch which changes the look or behavior of Django’s
UI, you must attach before and after screenshots/screencasts.
Tickets lacking these are difficult for triagers and core developers to
assess quickly.
- Screenshots don’t absolve you of other good reporting practices. Make sure
to include URLs, code snippets, and step-by-step instructions on how to
reproduce the behavior visible in the screenshots.
- Make sure to set the UI/UX flag on the ticket so interested parties can
find your ticket.
Requesting features
We’re always trying to make Django better, and your feature requests are a key
part of that. Here are some tips on how to make a request most effectively:
- Make sure the feature actually requires changes in Django’s core. If your
idea can be developed as an independent application or module — for
instance, you want to support another database engine — we’ll probably
suggest that you to develop it independently. Then, if your project
gathers sufficient community support, we may consider it for inclusion in
Django.
- First request the feature on the django-developers list, not in the
ticket tracker. It’ll get read more closely if it’s on the mailing list.
This is even more important for large-scale feature requests. We like to
discuss any big changes to Django’s core on the mailing list before
actually working on them.
- Describe clearly and concisely what the missing feature is and how you’d
like to see it implemented. Include example code (non-functional is OK)
if possible.
- Explain why you’d like the feature. In some cases this is obvious, but
since Django is designed to help real developers get real work done,
you’ll need to explain it, if it isn’t obvious why the feature would be
useful.
If core developers agree on the feature, then it’s appropriate to create a
ticket. Include a link the discussion on django-developers in the ticket
description.
As with most open-source projects, code talks. If you are willing to write the
code for the feature yourself or, even better, if you’ve already written it,
it’s much more likely to be accepted. If it’s a large feature that might need
multiple developers, we’re always happy to give you an experimental branch in
our repository; see the Branch policy.
See also: Documenting new features.
How we make decisions
Whenever possible, we strive for a rough consensus. To that end, we’ll often
have informal votes on django-developers about a feature. In these votes we
follow the voting style invented by Apache and used on Python itself, where
votes are given as +1, +0, -0, or -1. Roughly translated, these votes mean:
- +1: “I love the idea and I’m strongly committed to it.”
- +0: “Sounds OK to me.”
- -0: “I’m not thrilled, but I won’t stand in the way.”
- -1: “I strongly disagree and would be very unhappy to see the idea turn
into reality.”
Although these votes on django-developers are informal, they’ll be taken very
seriously. After a suitable voting period, if an obvious consensus arises we’ll
follow the votes.
However, consensus is not always possible. If consensus cannot be reached, or
if the discussion towards a consensus fizzles out without a concrete decision,
we use a more formal process.
Any core committer may call for a formal vote
using the same voting mechanism above. A proposition will be considered carried
by the core team if:
- There are three “+1” votes from members of the core team.
- There is no “-1” vote from any member of the core team.
- The BDFLs haven’t stepped in and executed their
positive or negative veto.
When calling for a vote, the caller should specify a deadline by which
votes must be received. One week is generally suggested as the minimum
amount of time.
Since this process allows any core committer to veto a proposal, any “-1”
votes (or BDFL vetos) should be accompanied by an explanation that explains
what it would take to convert that “-1” into at least a “+0”.
Whenever possible, these formal votes should be announced and held in
public on the django-developers mailing list. However, overly sensitive
or contentious issues – including, most notably, votes on new core
committers – may be held in private.