Archives

Making ticket votes public

The MetaBrainz ticket tracker (which, incidentally, received a long-needed upgrade recently – thanks, Gentlecat!) is an important tool for all of our projects. It collects all kinds of bug reports, feature requests and other tasks to be done and makes sure none are forgotten.

One of its auxiliary features is the possibility for users to vote for a ticket, to indicate which tickets they consider particularly important. (There are only upvotes; you can’t vote against a ticket.) This may factor in when MetaBrainz employees decide on which tickets to tackle next, although there are other factors as well such as the complexity and the impact of a particular issue.

In the past, who voted for which tickets has been private, mostly because that is the default setting in JIRA, the ticket tracker software used. Only administrators can see the list of voters for a ticket; regular users just see the number of votes.

Now, we have decided to change that: In the future, all logged-in users will be able to see who voted for a ticket. This should not be sensitive information; whoever expressed their support for a ticket by commenting on it instead of (or in addition to) voting already was in the public eye. Still, it is a policy change. We’ve therefore decided to wait two weeks before implementing the new privileges, in order to give everybody the chance to remove any votes that they don’t want to be known with. The ticket tracker provides a list of all tickets that you have voted for.

We’re actually really going to take the HTTPS plunge!

Closing in on three years after stating that “We’re going to take the HTTPS plunge!”, we’re actually really going to do it now. 🙂

Most of our sites have forced HTTPS for some time (metabrainz.org, critiquebrainz.org, bookbrainz.org, listenbrainz.org), but there are still a couple of stragglers, notably musicbrainz.org and acousticbrainz.org.

For MusicBrainz, our beta site is now all HTTPS, web service and all. The main, non-beta musicbrainz.org will be going HTTPS-only except for what’s under /ws/ (ie., the web service) to allow taggers and other programs not currently using HTTPS some transition time. We do not currently have an ETA for when we will make the final jump to HTTPS-only on the MusicBrainz web service, as that partly depends on feedback from our web service users, which leads me to:

If you’re currently using the MusicBrainz web service, please try and switch your program to using beta.musicbrainz.org and see whether your program breaks or not and let us know the status of it. We are aware that some Python versions and MusicBrainz libraries do not support our setup, so while your program may fail now, it might simply be because of dependencies of your program not being updated yet and you might not need to do anything specifically on your end – however, some programs/libraries might need some updates, so the more people test and report back, the better we’ll be able to judge when we can go all-HTTPS-only on musicbrainz.org.

For AcousticBrainz, we now have a shiny new Let’s Encrypt certificate on https://acousticbrainz.org thanks to our systems administrator Zas! As a result, we are going to start redirecting all HTTP traffic to HTTPS on the AcousticBrainz website, including API queries.

In order to give everyone time to verify that their scripts correctly recognise and validate our Let’s Encrypt certificate, we are going to delay the redirect until July 1, 2016. On this date, any HTTP query will automatically be redirected to HTTPS. We will also enable HSTS, so that compliant browsers will redirect to HTTPS on the client-side.

If you have any questions about either the MusicBrainz or the AcousticBrainz transition, please ask.