Intercepting Bug Reports is Bad

open sourceParticipating in and maintaining open source projects is great fun, much rewarding and very educating. One thing you always want is bug reports from users who suffer from problems, as you cannot fix problems unless you know they exist!

Yet there are several obstacles along the way that can prevent users’ reports from reaching your project. These obstacles include:

Security sites

Eager to announce a new problem, a new revealed leak or exploit, people (often) submit security- related problems directly to sites and forums dealing with security. These sites (of course) don’t forward the reports onwards, they simply assume the projects are informed as well…


People who use Linux Distributions very often feel like a user of that distro (no surprise there really!) and they therefore primarily report bugs and problems to the distro’s bug tracker. Unless the people in the distro are keen and interested enough, those reports sit there rotting away and people in the upstream project who would like to know about it are never told and thus the bug isn’t fixed…

Sometimes the bug is even fixed by the distro people and they make a newly built version available, featuring that patch, but the patch isn’t forwarded upstream either!

Related forums/mailing lists

People discussing the project in another list or forum where they are users of it. They talk about workarounds etc and sometimes even talk about “known bugs” and “existing flaws” but without ever reporting them to the originating project so they aren’t fixed. They may thus be known to the subgroup there but not upstream.

Please report upstream!

This is my cry for how this situation can be fixed: make sure that problems you know of are reported upstream to the actual project working on the project. Don’t assume that reporting it to your distro or to your neighbor is enough!

(I could easily point out examples for all these cases for projects I am involved in, but I don’t think pointing fingers will gain us anything.)