Reporting bugs and requesting features¶
Before reporting a bug or requesting a new feature, please consider these general points:
- Check that someone hasn’t already filed the bug or feature request by searching or running custom queries in the ticket tracker.
- Don’t use the ticket system to ask support questions. Use the django-users list or the #django IRC channel for that.
- Don’t reopen issues that have been marked “wontfix” by a core developer. This mark means that the decision has been made that we can’t or won’t fix this particular issue. If you’re not sure why, please ask on django-developers.
- Don’t use the ticket tracker for lengthy discussions, because they’re likely to get lost. If a particular ticket is controversial, please move the discussion to django-developers.
Well-written bug reports are incredibly helpful. However, there’s a certain amount of overhead involved in working with any bug tracking system so your help in keeping our ticket tracker as useful as possible is appreciated. In particular:
- Do read the FAQ to see if your issue might be a well-known question.
- Do ask on django-users or #django first if you’re not sure if what you’re seeing is a bug.
- Do write complete, reproducible, specific bug reports. You must include a clear, concise description of the problem, and a set of instructions for replicating it. Add as much debug information as you can: code snippets, test cases, exception backtraces, screenshots, etc. A nice small test case is the best way to report a bug, as it gives us an easy way to confirm the bug quickly.
- Don’t post to django-developers just to announce that you have filed a bug report. All the tickets are mailed to another list, django-updates, which is tracked by developers and interested community members; we see them as they are filed.
To understand the lifecycle of your ticket once you have created it, refer to Triaging tickets.
Reporting security issues¶
Please report security issues only to firstname.lastname@example.org. This is a private list only open to long-time, highly trusted Django developers, and its archives are not publicly readable.
In the event of a confirmed vulnerability in Django itself, we will take the following actions:
- Acknowledge to the reporter that we’ve received the report and that a fix is forthcoming. We’ll give a rough timeline and ask the reporter to keep the issue confidential until we announce it.
- Focus on developing a fix as quickly as possible and produce patches against the current and two previous releases.
- Determine a go-public date for announcing the vulnerability and the fix. To try to mitigate a possible “arms race” between those applying the patch and those trying to exploit the hole, we will not announce security problems immediately.
- Pre-notify third-party distributors of Django (“vendors”). We will send these vendor notifications through private email which will include documentation of the vulnerability, links to the relevant patch(es), and a request to keep the vulnerability confidential until the official go-public date.
- Publicly announce the vulnerability and the fix on the pre-determined go-public date. This will probably mean a new release of Django, but in some cases it may simply be patches against current releases.
Reporting user interface bugs and features¶
If your bug or feature request touches on anything visual in nature, there are a few additional guidelines to follow:
- Include screenshots in your ticket which are the visual equivalent of a minimal testcase. Show off the issue, not the crazy customizations you’ve made to your browser.
- If the issue is difficult to show off using a still image, consider capturing a brief screencast. If your software permits it, capture only the relevant area of the screen.
- If you’re offering a patch which changes the look or behavior of Django’s UI, you must attach before and after screenshots/screencasts. Tickets lacking these are difficult for triagers and core developers to assess quickly.
- Screenshots don’t absolve you of other good reporting practices. Make sure to include URLs, code snippets, and step-by-step instructions on how to reproduce the behavior visible in the screenshots.
- Make sure to set the UI/UX flag on the ticket so interested parties can find your ticket.
We’re always trying to make Django better, and your feature requests are a key part of that. Here are some tips on how to make a request most effectively:
- Make sure the feature actually requires changes in Django’s core. If your idea can be developed as an independent application or module — for instance, you want to support another database engine — we’ll probably suggest that you to develop it independently. Then, if your project gathers sufficient community support, we may consider it for inclusion in Django.
- First request the feature on the django-developers list, not in the ticket tracker. It’ll get read more closely if it’s on the mailing list. This is even more important for large-scale feature requests. We like to discuss any big changes to Django’s core on the mailing list before actually working on them.
- Describe clearly and concisely what the missing feature is and how you’d like to see it implemented. Include example code (non-functional is OK) if possible.
- Explain why you’d like the feature. In some cases this is obvious, but since Django is designed to help real developers get real work done, you’ll need to explain it, if it isn’t obvious why the feature would be useful.
If core developers agree on the feature, then it’s appropriate to create a ticket. Include a link the discussion on django-developers in the ticket description.
As with most open-source projects, code talks. If you are willing to write the code for the feature yourself or, even better, if you’ve already written it, it’s much more likely to be accepted. If it’s a large feature that might need multiple developers, we’re always happy to give you an experimental branch in our repository; see the Branch policy.
See also: Documenting new features.
How we make decisions¶
Whenever possible, we strive for a rough consensus. To that end, we’ll often have informal votes on django-developers about a feature. In these votes we follow the voting style invented by Apache and used on Python itself, where votes are given as +1, +0, -0, or -1. Roughly translated, these votes mean:
- +1: “I love the idea and I’m strongly committed to it.”
- +0: “Sounds OK to me.”
- -0: “I’m not thrilled, but I won’t stand in the way.”
- -1: “I strongly disagree and would be very unhappy to see the idea turn into reality.”
Although these votes on django-developers are informal, they’ll be taken very seriously. After a suitable voting period, if an obvious consensus arises we’ll follow the votes.
However, consensus is not always possible. If consensus cannot be reached, or if the discussion towards a consensus fizzles out without a concrete decision, we use a more formal process.
Any core committer may call for a formal vote using the same voting mechanism above. A proposition will be considered carried by the core team if:
- There are three “+1” votes from members of the core team.
- There is no “-1” vote from any member of the core team.
- The BDFLs haven’t stepped in and executed their positive or negative veto.
When calling for a vote, the caller should specify a deadline by which votes must be received. One week is generally suggested as the minimum amount of time.
Since this process allows any core committer to veto a proposal, any “-1” votes (or BDFL vetos) should be accompanied by an explanation that explains what it would take to convert that “-1” into at least a “+0”.
Whenever possible, these formal votes should be announced and held in public on the django-developers mailing list. However, overly sensitive or contentious issues – including, most notably, votes on new core committers – may be held in private.