They Really Can’t, But You Can

Read this (now deleted) blog post by a dev at Oracle: No, You Really Can’t

There is so much wrong with that post.  But I’m in a hurry and don’t have time to put down 3000 words deconstructing Oracle’s entire business model and world-view.  Instead, I’ll just explain how we do the exact opposite.

GForge offers up the entire(*) code base for customers to examine, scan, and even change.  We maintain customer-accessible Git repositories (on, of course), so that customers have constant access to the current released version (that would be 6.4.1) and the version that’s in development, which we also deploy and use ourselves every day at

GForge customers can maintain their own Git repo (with, say, custom theme elements, or code to integrate with a custom database, or whatever), pull from ours, and keep up to date with new features, security patches and everything else we come out with.

As if that’s not easy enough, we also regularly send patches to customers to fix specific problems they report, even if they’re not at the current release version.  You don’t have to wait six months for the Oracle mega-patch, and get 3000 other changes you didn’t ask for.

Lastly, customers can (and are encouraged to) send us patches for things they have fixed or improved.  When Tony and I were GForge customers, we did this on a couple of occasions.  You’re welcome.

Every day, we try to treat customers the way we like to be treated.  Customer access to the source is just one reflection of that value.

PS – As if on cue, here’s a great example of why you don’t want to wait six months for the vendor’s bug fixes.

*Okay, okay.  There’s one file that we encrypt, that handles validation of the customer’s license key.  I know Richard Stallman is pro-actively spinning in his grave, but if you really want to see what’s in there, I’m sure we can arrange something.

GForge 6.3.1 Released

Today we are happy to announce the immediate availability of GForge Advanced Server v6.3.1.  This is primarily a bugfix release and the highlights include fixes for the Support Tracker feature and some minor security enhancements.

Download GForge Advanced Server v6.3.1 Now!

Support Tracker Fixes

If you haven’t already tried out the Support feature in GForge AS 6.3, you definitely should.  Here are a few key fixes and enhancements to that feature:

  • [#15070] Support tracker: Member group not set properly.
  • [#15071] Support tracker: skip first notification after the TI is submitted and set the timestamp
  • [#15134] Support group and assignee lost.  Suspecting cron15.php
  • [#15151] Support tracker: autoclose sets close date correctly  but it’s not visible in browse or TI pages.
  • [#15433] Filter “Out Of Office” replies (and similar automated messages) from creating support requests in GForge

Miscellaneous Improvements

There are also a few other improvements that warrant a quick mention:

  • [#11848] Mass Delete broken
  • [#19112] Navigating wiki versions doesn’t quite work right.
  • [#19246] License Tracker – Valid user gets access denied
  • [#19258] Docman allows uploading of HTML files which can have spam  possibly JS making it possible CSRF vuln
  • [#19388] My Account > Disable Account not working
  • [#19221] When parsing files  filesystem_index cronjob could trigger a tracker item notification
  • [#11830] Fix xss vulnerability in tracker item edit screen
  • [#19331] Sanitize paginator parameters
  • [#19847] MAG: change default database name to “gforge” instead of “gforge5”
  • [#19649] upgrade_gforge – Unused plugins cause confusing output

For full details, please have a look at the Complete GForge v6.3.1 ChangeLog

Download GForge Advanced Server v6.3.1 Now!

How Valuable Are You?

A long time ago, I learned some great criteria for taking or keeping any job.  I mean, like, a long time ago.  Like, before Google.

Here they are, in random order – apply your own prioritization:

  • Will you be successful? That is, will you deliver projects, make money, become famous, get the girl, whatever it is that you want.
  • Will you learn something new?  Might be technical, might not.
  • Will you be valued?  Will the people you’re working with (and for) be capable of understanding your contributions?  Will they appreciate your contributions?

For me, the third bullet has always been the toughest to find or keep.  Maybe that’s why it is my most important criteria.  Or, maybe it was already my most important, and I just noticed how much trouble finding it could be.

So, how do people make themselves valuable?  I’ve seen two basic approaches in the twenty or so years I’ve been doing this.

The Wrong Way – What You Keep to Yourself

Historically, people make themselves valuable (and/or powerful) by becoming the choke point for information, or approval, or funding, or whatever.  When only one person in your organization is allowed to touch the requirements (or the database, or whatever), you may be dealing with someone who measures their value this way.

“I take the requirements documents from the customers and bring them to the developers”

He may have people skills, dammit, but he’s not helping the team – he’s making sure that they can’t get along without him.  Or so he thinks.

As a manager, I can tell you that my biggest HR risks are always the people who bottleneck knowledge, process, money, whatever.  If they get hit by a bus, decide they want a big raise, or take an extended vacation, we’re hosed.  They have knowledge, skills or connections that we can’t easily reproduce.  So as the person who’s responsible when bad things happen, I’m going to actively pursue this person’s secrets, and make sure they’re backed up somewhere, by someone.

If it sounds like a bad situation for the team, it is.  But it’s actually just as bad for the person, in most cases.  Ten years ago, I started a new job as a team leader.  The biggest complaint from the team was that they were each chained to a given project.  They were the only person on the project, they carried all of the knowledge, the relationship, and the responsibility.  They couldn’t move on, they couldn’t learn anything new.  They were just stuck.  For most people, this does not feel like success.

A year later, we had standardized our process, the documents we used, even much of the code templates.  People were able to move from one project to another.  They were even able to talk to each other about different projects using common terms.  There were a few people who didn’t like this change, even though they had complained about lack of mobility.  Those folks still hadn’t adjusted their way of measuring their own value.

The Right Way – What You Give Away

Plenty of good engineers are collaborative by nature – that is, they enjoy sharing their knowledge and getting some of yours in return.  And while it’s certainly a more friendly way to work together, it’s also more productive, more robust and more resilient, especially in the face of team or project changes.  But believe it or not, giving away what you know actually makes you more valuable as well.  Think about how valuable Stack Overflow is today, and you’ll see that it’s true.  Compare SO and its success against ExpertsExchange, which largely hides answers behind a paywall.  EE might make some money, but SO rules the world.

Being an “open knowledge” kind of person is also the best defense against Competence Debt and other creeping forms of team decay.  So as a team member I like the approach, but as a manager I demand it.


GForge: What’s Next?

The Pitch

Won’t you make some time to come help us build and perfect GForge Next?  Just leave a comment – we’ll be recruiting First Dozen candidates through the end of April, and would love to hear from you.  If you can’t make it for May, then we’ll add you to the invite list for the Next Hundred phase.  Send a link to anyone that might be looking for a better, more powerful and more cost-effective tool for tracking tasks and collaborating on projects.

First, A Bit Of Background

If you’re already familiar with GForge and what it does, feel free to skip ahead.  If not, you’re in the right place.

GForge is a commercial product built and maintained by the GForge Group.  It was originally started as a fork of the Sourceforge code nearly 15 years ago.  It’s a project collaboration web application that includes a ton of modules for each project, from task tracking to version control, mailing lists and forums to wiki pages and blogs.  It has very broad and deep configurability, and nearly everything can be access-controlled to specific (and configurable) project roles.  Pretty much everything gets logged in an audit table for traceability, and there’s reporting almost everywhere.

Most of our customers are large, engineering-oriented shops with CMM, DoD or other stringent standards to meet, across dozens or even thousands of projects.  Think chip makers, defense contractors, gigantic world-wide engineering and manufacturing conglomerates, that kind of thing.  We license the code to our customers, and they have access to that code for their own security analysis, review or customization purposes.  We’re extremely customer focused.

The Problem

I’ve been at GForge for nearly two years now.  In that time, we’ve added some significant new features (chat and support trackers come to mind), cleaned up a lot of old code, and generally moved the product forward in lots of very gratifying ways.  Before working for GForge, I was a customer for nearly ten years, so I developed some pretty clear ideas of what was special about the product, and what could, uh, use some work.  And while we’ve done many of the things I had in mind, in the end, it’s not enough.

The features, the integration between them, and the data – those are all very solid and still very relevant in 2014.  But the existing GForge code, the existing layout and user experience will just never do the things we want them to do.  The structure of the code is out of step with current patterns, and simply won’t work with autoloaders, Composer and other tools that make PHP so productive in 2014.  Much of it isn’t very testable.  There’s all manner of technical debt in the old code, like raw HTML output from domain models, overly-complicated URL parsing and generation, and so. many. different. pages.

To build the next GForge, we’re going to start from scratch – well, sort of.

Existing GForge Customers: This plan involves a gradual re-implementation of the features currently available in GForge AS.  There is NO plan to end new development or support for GForge AS, and there won’t be any plan until GForge Next is ready for prime time.  Just as we did with the 5.x sunset, existing customers will have plenty of time to evaluate, test and migrate from GForge AS to GForge Next.  We will develop and support both GForge AS and GForge Next for quite some time, and we’ll make sure that the transition is low-risk and high-value for you.

The Plan

To build GForge Next, we’re going to write brand new code on top of the same database.  This means that we’ll be able to check what the new code does by reading and running the old code, using the same data.  It also means that as people start testing GForge Next, they will also be able to switch to (old) and see the exact same data.  Or do something that the new code doesn’t support yet, which brings me to my next point.

The existing features are broad and deep.  In fact, they can be distracting or downright intimidating for new users, who don’t need that kind of power or flexibility.  So we’re going to deliver GForge Next in roughly four phases, outlined below.  The first phase will be focused on task tracking and version control.  It’ll be very simple and very opinionated – many of the choices you could make in the current GForge release will be pre-set and not configurable.   Subsequent phases will add back the existing GForge features, but with carefully reconsidered user experiences, and (wherever possible) mobile and touch-friendly rendering.

Our phases revolve roughly around the size of the testing user base, as follows:

The First Dozen (FREE!)

Starting in late May, we’ll have a very basic, low-friction version of GForge Next deployed and running.  We’re looking for about a dozen people/groups to use it on a daily/weekly basis and work closely with us to ask questions, tell us what works (and what doesn’t work), and basically give us lots of feedback.  In return, we’re going to update the site many times each week (or each day), tweaking the look and feel, fixing bugs and adding features constantly.

Main features for The First Dozen will be pretty basic:

  • Login – Using a GForge account, or others (possibly Github, G+, even Stack Overflow?)
  • Create a Project
  • Invite users to your project
  • Project Chat – Ever-present contact with the entire project team.  Archived, searchable, and integrated with the other GForge Next features.
  • Git repo (including the option to clone a remote as part of the project setup)
  • Kanban Task View (we call them Tracker Items)
  • Tracker Item Browse – a more tabular view than Kanban, with more filtering, sorting, export and edit capability

The goal for this phase is to allow small teams or casual users to test GForge Next with their existing code, with less than 5 minutes of setup time.

The Next Hundred (Still FREE!)

In late July or early August, we’ll add up to 100 users/projects to our test group, and the following features:

  • Sprints – Group Tracker Items, track velocity for each Sprint
  • Super Search – One search bar, in the same place on every page.  Searches everything you’re involved with, and shows results by project or module.
  • The “G” Mega-Menu – Super-simple navigation across everything you might need
  • Git repository browser – See tags, branches, file tree, revisions, commits, and diffs as part of the GForge Next interface
  • Batch Import – Create a bunch of Tracker Items with as little as a title for each.  Paste lines into the box and voila.
  • Activity Stream – See a real-time feed of who’s doing what on the project.  Commits, Kanban and Tracker Item changes, all that stuff.
  • Pull Requests – View and comment on the diff, iterate on the changes, and promote new code, all on the GForge Next server.
  • Standup Report – Get your story straight a the daily, weekly or random standup in 60 seconds or less.  Then everyone can share their 1/2/3 list quickly or review it later via web.

 Open For Business

Late this year, we’ll launch the paid version of the service.  Projects from The First Dozen and The Next Hundred will get free or heavily discounted rates, as will qualified open-source projects and even some startups.  This version will include practically everything currently included in GForge AS, plus some all-new features and capabilities:

  • Workflow Design – Fully-customizable Tracker workflow.  Define who can move a Tracker Item to each status, require fields based on the new status, trigger scripts, set/update fields.
  • Reporting and Charting – Powerful data gathering, filtering and sorting, combined with tabular and printable views, file export, and charting.
  • Project Homepage
  • Wiki
  • Kanban Setup – Define your own custom planning board.  Choose almost any field for the columns (like release, assignee, sprint), group values together, show aggregates for each column (like count or average size).  Save and name your board and let the whole team use it.
  • Organizations and User Groups – Define organizations and put projects under them.  Create groups of users (like customers, vendors, or various departments), and give those groups access to what they need.
  • Customer Support Tracker – Currently available in GForge AS 6.3, give your customers the ability to submit and update tickets.  The customer view shows only those Tracker Items that belong to the user’s group or organization.

But Wait, There’s More!

Starting in 2Q 2015, we’ll add even more:

  • Discussions / mailing lists
  • Social features – Upvoting, endorsements, suggestions based on friends of friends or shared technology between projects.
  • Document Management – The powerful docman module currently available in GForge AS 6.3.  Drag-and-drop upload/download, versioning, comments, even inline edit for text/html.
  • Release Management – Build a roadmap of product versions, and manage the set of Tracker Items in each release.
  • Request To Join
  • Project Fork – Clone the setup and the Git repository for an existing GForge Next project.
  • Blog/CMS Module
  • Tracker Detail Designer – Lay out the Submit or Edit form your way.
  • Migrations from Github and Jira
  • Enterprise Login – Install GForge Next inside the firewall and use LDAP, SSO, or OAuth for your internal user base.
  • SVN and Mercurial support
  • Jenkins Integration – View and kick off Jenkins builds from GForge Next.  Install the Jenkins plugin and give project users seamless access to their GForge Next projects in Jenkins.


Engineering Problem, or Tool Blinders?

Tony and I met with a former co-worker early this year, to talk about his use of MongoDB.  For some reason, they thought Tony was an authority on this.  I just came along for the lunch.

The Question

The gist of the discussion was this:  how best to store large binary objects in the database?  Was Mongo the best choice, or would PostgreSQL be better?  They were using both, but some devs were making a concerted effort to get over to MongoDB for new work.

After about 15 minutes of (kinda non-) discussion, I butted in: “I think you’re asking the wrong question.  Do those files even NEED to be in the database?”

Metadata about the files?  Absolutely.  But the files themselves, probably not.

The Actual Problem

Databases are good at a few things:

  • Finding things quickly (indexing, hashing, etc.)
  • Keeping things straight between many competing threads (ACID stuff)

You know what they’re usually bad at?  Sending or receiving large field values (I mean > 512KB or so), especially within a transaction.  Especially under heavy concurrent load.

I can hear the DBAs out there yelling at the page that of course it can be done.  I didn’t say it was impossible, it’s just soooo not what database are good at.  While various database platform vendors have tried mightily over the years, storing large objects in your database is still possibly the worst physical database design decision you can make:

  • Worse than adding all of your query fields to the PK.
  • Even worse than getting involved in a land war in Asia.
  • Worse than, (gasp), stored procedures?  Well, that might be a closer race, but let’s leave stored procedures for another day.

The GForge Approach (is nothing special)

I’ve always thought that GForge handled files in the clunkiest, lowest-tech way possible – on the file system.  It still does, and even the Big New Version will continue to do so.  But it wasn’t until this discussion that I actually became an advocate for this approach.  Why?  Because it’s only clunky until you compare it to all of the other approaches.

GForge stores all of the metadata (date, name, size, author, project, etc) in the database, we even add some keyword indexing in PostgreSQL’s excellent tsearch facility.  But when it’s time to upload or download one of these files, we use FTP or HTTP.  We get away from the DB when it’s time to do something that might run longer than a second, and we play to the design strengths of those other protocols.  And while nearly all of our customers service web and file traffic from one server, GForge does allow configuration of different hosts to offload those tasks.

This shouldn’t come as a surprise to anyone.  It didn’t really come as a surprise to our friends that asked the original question.  But I could tell they didn’t really want to hear that the best solution didn’t involve new, shiny stuff. I understood that, and I still do.  The best coders are the ones who do it even when no one’s paying them, just to try things out and learn.  You don’t want to squash that initiative, but it can’t be your main criteria for choosing tools to solve business problems.

Have fun out there, just don’t let the shiny get in the way of the job.



I heard from my former co-worker a couple of weeks ago.  They went with S3 storage, indexed metadata in a (PostgreSQL) database, and links between the two.  They managed to find a solution that was both powerful and shiny.  Kudos to them!

Real-World Scenarios, Episode 1: Changecause

The folks at Changecause were good enough to publish a blog post about their efforts to make bug reporting easier for people outside their team.  It was a clever solution for gathering issues from end-users, but there are also a few trade-offs at work.  GForge satisfies the same requirements in a much more elegant (and supportable) way.

Third-Party Integration, Squared

The first anti-pattern is integrating two third-party tools to each other.  Yes, it’s neat, and it’s fun, and I’ve done it, too.  Heck, github has dozens of third-party integrations – so cool.  But what happens when one endpoint changes its behavior, its API signature, or just goes away?  Who do you get help from?

kid pointing both waysHey kid, where’s the trouble?

It’s trivially easy to get caught by a problem like this.  In fact, I’d say it’s inevitable.  And it’s outside your control.  At my last job, this happened to us three times in about six months, with some A-list players.

You may be paying (probably too much !) for your task-management tool, in which case at least you will have a defined service level – that is, someone you’re paying to help you out when things don’t work.  But most small and medium-size software shops rely primarily on free tools, which usually means you’re on your own.  Even if you have an SLA with both (or all) involved vendors, it is extremely likely that they won’t agree on the source of the problem, or its solution.

The Core Competency Question

One of the reasons that these ad-hoc integrations happen in the first place is that it’s software, which is probably your personal core competency anyway.  You spend an hour building something, and it works.  You get a good amount of value out of a minimal amount of your time, and you exercise some control over your otherwise frantic and unpredictable startup experience.

Except that this integration is not your company’s core competency.  Neither is bug tracking, or version control, or DBMS, or any of the other foundational tools that you use to build, e.g., Changecause.  So that hour you spent may have saved some other hours of distraction, handling complaint emails, but it didn’t add a new feature to your actual product.  And, over the next couple of weeks you’ll spend another eight hours tinkering with the integration to add a field, to handle an API change, or to update the API key again.  At that point, you may still be breaking even but it’s clearly not a big win.

Edit: While waiting for my other GForgers to give me their feedback, I happened across this pretty relevant blog post.  I’ve bookmarked it for yet another blog post in the future.

Okay, Smarty Pants

…how would you do it with GForge, then?  I thought you’d never ask.

I would build that same bug submission form in your website, instead of embedding the Google Doc form.  Gather and validate the data using your existing web app framework, like you’re doing for the rest of your app (instead of a different technology, with a different set of quirks and bugs).  Then I’d pack it all up on your back-end server, and send an email to your GForge project.

GForge has really good integration with email.  You can create a bug/ticket/suggestion or whatever you want via email, by sending to the right email address.  By default, it’s [projectname]-[trackername]@[gforgehost], e.g.,  You can even customize the email address, e.g., which is what we do for customer support.  Customers can just send us an email to start a support request, and the GForge Support Tracker captures the entire conversation, including attachments (like screen shots, logs, etc.).

It’s still a minor diversion from your core competency.  But at least it’s a direct connection between your own technology (which you’re responsible for, anyway) and GForge, which we support every day, for some of the biggest companies in the world.  If you want to tweak the form, ask another question (or allow a screen shot), go for it – GForge will still capture everything you send in the e-mail, just the way you sent it.

If you’d like to try it out for yourself, start a free project at, or visit to download the installer and run it on your own server.  If you’re trying it out and have questions or comments, let us know!



PS – I also enjoyed another blog posting by Changecause, this one about their internal planning/task workflow.  It’s somewhat similar to where we’re going internally, and has inspired me to build a GForge template.  I’ll post an update about it sometime soon.

Raytheon: Not Enough New Cyber-Security Talent

GForge customer Raytheon just posted this article in their newsroom about the lack of cyber-security workers, not only in the immediate pipeline, but all the way up the chain – our high school kids aren’t even being told it’s a career.

Given the security hoops we jump through for them, I’m inclined to believe them.

Read the full article here:

GForge Live Discussion (aka Chat)

One of the big new features in 6.2.1 was the Live view on our Discussions plugin.  It’s basically a chat room, about a project, a document, or just about any other object on your GForge site.  All of the conversations are automatically saved as Discussion Threads for later viewing, and are searchable along with everything else in your project.  They’re also access-controlled, so you can allow the right people in on your sensitive discussions.

The best part?  No installs, no widgets, no special ports to open or configure.  It’s all regular web traffic in a regular browser window.

We use Chat all day long at GForge – it’s a huge productivity tool for folks that can’t (or don’t want to) yell over a cube wall.

If you’re not already using Chat, you should definitely check it out.  Here are three short videos by our own Olivia, detailing three great features that make our Chat one of a kind.


Project Activity Feed

From any Chat tab, each user can choose to see project-related activity as it happens.  This is great for keeping up with what’s going on, without having to ask anyone what they’re doing.


Auto-Link, Auto-Preview

When you post through the Chat window (or via email, or directly in the Discussions web page), GForge automatically picks up on what you’ve entered.  We’ll pre-render graphics, embed the YouTube player, show a nice preview block for other URLs, and even provide links to other GForge objects that you mention by ID.  And when you mention something in GForge, we’ll also add a note to that item, tying back to the Discussion where it was discussed.


Emoticons, Sounds, Images

Aside from the very real productivity and team benefits, it’s also fun to make a little noise once in a while.  GForge has a huge set of emoticons that you can click on or type in to let others know what you think.  There’s also a sounds button, with an expandable set of sound clips you can play for everyone.

GForge in One Minute

So, Intern Olivia Treu recently headed back to school…but she left behind a whole raft of how-to screencasts about GForge features.  So many, in fact, that we had her created a YouTube channel to keep them all organized.

Since we’re rapidly wrapping up the 6.3 release, I’m going to highlight a new screencast or two every week for the next few weeks, starting with the original GForge In One Minute:


What To Expect in GForge 6.3

Summer has really flown by. We’ve been so busy adding features and fixes for GForge 6.3, I didn’t even get to the State Fair this year. As we begin winding down, I thought I’d take a few minutes and share the current list of what’s done now and what’s left to do for our release in October.

Before I get into the features and improvements, I want to remind everyone about our Customer Repositories. As you’re reading about all the great things in 6.3, please remember that you can have them right now, by cloning our customer repository and installing the current version of 6.3 in the customer-next branch. It’s the same code we run every day on Test it out, tell your friends, and let us know your feedback.

Now, on to the changes!

What’s New (right now)

There are literally hundreds of individual changes (link), and that level of detail has never made sense to me as a customer. So for this posting, I’m going to talk less about the exact technical changes and more about how the features help you and your team.  Even so, there’s waaaaay too much to wade through.  So, I’ll make it easier by listing the topics below.




Tracker Email Integration Burn-Down Enhancements Trove is Back
Tracker Extra Fields Project Ratings and Reviews Jenkins Integration
Tracker Browse Project Invites Security Enhancements
Tracker Item Project Nav Item Counts Site Administration
Support Tracker New “Group Member” Access Control
Commits, Tracker Workflow and Time Tracking


Tracker Email Integration

Lots of people (ourselves included) have customers who don’t have the time or inclination to visit a GForge site.  Since everyone already uses email, it’s an obvious choice for bridging the gap.

  • Want to let your business customers, testers, or users create Tracker Items just by sending an email?  Now you can.
  • Of course, it would be really great if they got a response back, so they do.  Want to customize what it says?  Check.
  • Do they want to attach a screen shot showing the problem, a spreadsheet with the right numbers, or the log file you need?  We’ve got that covered, too.
  • Wouldn’t it be nice if folks could add a follow-up to the TI by replying to the email?  We thought so, too.
  • Want to use email on any TI?  No problem – now, every Tracker Item has its own email address, too.

Tracker Extra Fields

So many neat things to play with:

  • Don’t need Start Date, Duration or the other “standard” fields for your Tracker?  Now you can turn them off.  In fact, you can turn off any of the default fields for a Tracker.
  • We’ve moved the Tracker Admin options from a separate “admin” page to the regular list of Trackers in each project.  Less clicks!
  • You can now assign a short (alias) name to each value in a select or multi-select type Extra Field.   When used for Status, these aliases can be part of a commit message to trigger workflow on Tracker Items (See Commits, Tracker Workflow and Time Tracking, below).
  • You can now change the Open/Closed category for a Status element without having to delete and re-create the element.
  • New Extra Field: Member List.  This field can show users, site groups or both, and is used to drive “Member Of” access control (see “Group Member” Access Control, below).

Tracker Browse

  • Quick Browse & File Export – We’ve cleaned up the Quick Browse and Query area so it’s less cluttered and clearer to use.  Also, you can get a one-click CSV, XLS or XML download of the exact list you’re looking at (even for multiple pages), whether it’s a Quick Browse or a saved Tracker Query.
  • Grid Updates – You can choose which standard fields (like start/end date) show up in the grid display, just like Tracker Extra Fields.  And we’ve removed the “Delete” link from each row because, really, who uses that?

Tracker Item

  • Submitter Field – We’ve made the Submitter field editable.  If you enter a Tracker Item on behalf of someone else, it can still belong to them.
  • Edit/Delete Follow-Ups – How often does the discussion around a tough problem change course on you?  Some of the notes that are left after it’s solved can be downright misleading.  So now, you can fix the wording on some follow-ups, and delete the ones you don’t need anymore.  These actions are part of the Tracker Item’s change history, so your audit trail is still intact.
  • Smarter Activity Logging – We’ve centralized storage of significant events across all Project plugins (e.g., Tracker, Docman, Wiki, Discussions, etc.), so that the Activity feed in Chat, the Activity view on your Project Home Page, and Activity reporting are all identical, all the time.
  • Assign to “Nobody” – Automatic assignment as part of workflow is pretty cool.  But we ran into some scenarios where we actually wanted a remove any assignees, such as when the Tracker Item is closed.  So now, in the Workflow Transition edit page, you can specify a person to be assigned, or Nobody.

Support Tracker

This one is pretty big – Tony has already written an entire post about it.  We been using an outdated, open-source system for tracking customers, license keys, support tickets and knowledge base articles for a long time.  Like, multiple Presidents ago.  Many of the features listed here were things we needed to bring all of that support directly into GForge.  Starting soon, you’ll be able to open and reply to support tickets via email, get your license keys, and see all of the support incidents for your organization through and

What’s really great is that everyone can take advantage of the same features to provide support for GForge, or for your GForge-based projects just like we do.  If you provide support of any kind, to internal or external customers, you should take a good look at Support Tracker.  Or, just ask us for a tour.

Commits, Tracker Workflow and Time Tracking

GForge already lets you tie files changed in your SCM (CVS, SVN, Git and others) to the Tracker Item you’re working on.  That kind of traceability is huge for code reviews, change management and quality control.  But I’ve always been a little envious of Github’s ability to close issues with a commit.  For developers, it means you commit your code, and don’t have to go back and update a web page, which is a real time-saver.  It’s such a great feature, with one little problem:  in what world are developers allowed to close bugs?  Plus, as much as agile is wonderful and fun, it is still a great idea to know how much time something really took – another area where Github’s approach really falls short.

So we’re going to go Github one better – well, THREE better, if you’re counting:

  1. Branch Name -> Tracker Item – Putting the Tracker Item ID in the commit message is cool.  For the first two or three messages.  But it gets boring pretty quickly.  How about putting #12345 in the branch name instead, and we’ll associate all of the commits to that Tracker Item.  More than one TI (like, fixit_#12345_#23456)?  Not a problem.  Have #12345 in the branch name, and need to point one commit to #23456?  Do it, we’ll handle it for you.
  2. Commit Message -> Workflow – Usually there’s a step or two after you’ve done the work – testing, customer evaluation, staging for release, all that.  If you define the workflow for a Tracker, you can use the status aliases in your commit message to set the next status for a Tracker Item.  When you push that commit to the GForge repository, it will automatically move the Tracker Item along.  For example, add [#12345,test] to the message, and we’ll set #12345 to status “Ready For Test”.
  3. Time Reporting – No one likes reporting time, because you always do it after the work is done.  Like the next day, or a week later.  If you could report time to a Tracker Item right when you did it, not only would it be brain-dead simple, could it actually become….accurate??  Try this in your commit message: [#12345,test,1.5] to tie your commit to #12345, AND move it to “Ready For Test” status, AND log an hour an a half of working time to it.


Burn-Down Enhancements

In 6.2.1, we added Burn-down charts for open/closed Tracker Items associated to each Release.  And that was pretty cool.  For 6.3, we’ve improved the graphing algorithm to give more accurate predictions on velocity and completion date.  We also made it possible to add burn-down charts to your Project Home Page, by adding the %%BURNDOWN%% keyword.  You can add as many as you like, and put HTML DIVs around them to customize the layout and size.

What’s more you can also choose any Tracker Query for the data source.  This Week’s Work, Jeremy’s Bugs, whatever you want, on the front page of the project.

Project Ratings and Reviews

Now your users can leave 5-star ratings on projects, and also add short text reviews.  Ratings and reviews are viewable as part of the project information, to anyone with read permissions.  The average rating can also be part of search results when looking for Projects.

Project Invites

A simple but powerful feature that we’ve been asked for several times – Project Admins can now invite users to join a project.  Enter a list of email addresses, and GForge will send the invitation with a link.  You can invite existing GForge users and new ones in the same batch.  You can even pick the Project role for those users when they join.  One step, done.

Project Nav Item Counts

Different projects use GForge differently – some need lots of mailing lists, some have lots of News/Blog postings, and so on.  To make it easier to see where the good stuff is on each project, we’ve added item counts to primary elements in the Project-level menu (left-side nav).  You’ll be able to see how many Releases, how many root-level Documents and Folders, Blog Postings, and other things you’ve got, without having to click through to each area of the project.

New “Group Member” Access Control

Remember that new “Member List” Extra Field I mentioned before?  Member List fields can be used to drive access control to the Tracker and Tracker Items based on the value.  For example, you can put users from Customer A in one site group, and users from Customer B in another site group.  Then, using the Member List field (let’s label it “Customer” for kicks), you can ensure that only users in Customer A see Tracker Items with that group selected in the “Customer” field.

Member List fields automatically show up in Project Admin’s Role Edit page for Trackers where they are added.


Trove is Back

Yes, we’ve brought back the Trove system for categorizing projects across many different subjects. Site administrators can create whatever categories your enterprise might need, for technology, project phase, geographical area, business unit, compliance – anything you’d like. Project admins can select the right values for their projects, and update them over time.

In 6.3, we’ve made several improvements to Trove to make it more useful for cross-cutting concerns like PMO/budget/performance management, architecture and regulatory compliance, licensing and component re-use, etc.

  • Searching for Projects now includes Trove categories in the search. Use the category names and find projects with the matching Trove entry.
  • Search results can include selected Trove categories in the result table. Site admins can define the specific categories to be displayed. So now you can have Project Phase, Business Unit, or whatever other important information shown right away.
  • Site admins can now set access controls on Trove categories, for information that needs to be managed outside of the project.  We have a customer using this feature for rating the re-use potential and readiness of their individual software projects.  Other orgs may choose to rate project performance, architectural, process or regulatory compliance, or even project success/failure (if there is such a thing!) – anything that might need to be evaluated by people outside the project itself.

Jenkins Integration

We’ve updated our Jenkins plugin code to the newest versions of the Jenkins API, and improved the information we send back to GForge about builds.  You’ll now see activity records each time the build starts and ends, as well as each build result.  Turn on the Activity feed in your Project Chat and see builds happen in real time!

Security Enhancements

  • Better protection against frame-based click-jacking
  • Removal of server info from the HTTP response
  • Protection against bot-based account harvesting, site admins can choose how much user profile info to expose to anonymous users and registered users.
  • When updating your SSH key (for SCM access), users will now be required to enter their password as part of the update.
  • Site admins can set accounts to lock after n bad attempts.  Use 0 to disable this new feature, the default is 5.  Admins can re-enable accounts through the GForge Site Admin pages.

Site Administration

  • Site Admins can now find orphaned and dead projects with some new search criteria.  Click on the “Projects” top-nav tab to see the criteria and search.  Then select a set of projects and mark them all for removal with one click.  Don’t worry, we’ll still ask if you’re sure first.
  • Did your SVN repository get out of sync with GForge commit history/messages?  We’ve got a script for that.  Run the re-parse script to go back through SVN commits and rebuild the corresponding data in GForge.

What’s On The Way (6.3 final)

Well, we’re not done yet.  Here’s what we’re going to finish in the next few weeks.

  • Search Stats – We’ll keep track of popular keywords, and show the top searches to help users find what they’re looking for, and help site admins understand what’s hot.
  • E-Mail Project Members – Project Admins will be able to send email to all members of a project.
  • Generated robots.txt – GForge will automatically offer up a robots.txt, to make sure that search engines don’t choke your server
  • Executable cronjob scripts – A minor enhancement to make manually running the occasional cron script a bit easier.
  • Tracker Browse w/GET – By putting all of the filter params into the URL, you’ll be able to easily copy and paste exact searches to share or bookmark.
  • Tracker Query on Tags – Users will be able to filter Tracker Items by tag values
  • User Stories Tracker Template – A first-class implementation of Use Cases/User Stories that you’ll be able to clone into your own project.  All set up and ready to, uh, agile.
  • Centralized “@”-mentions – Being mentioned in live chat, discussions, Tracker Items or even commit messages will go to your Message Wall, your Chat window, the Notifications list, or the Growl-style notifier, depending on how you’re available at the moment.
  • SCM Access Control from GForge Database – Instead of generating files for Git access control, a hook script will query GForge users, roles and project memberships in real time.  No more giant ACL files for large installations, and no more running the ACL cron manually to repair them.
  • CKEditor Update – The latest version of the greatest embedded WYSIWYG editor.  Some great new features and sweet visual design (See more at

Okay, that was a long list of stuff.  I hope you found some interesting things to check out, and some really good reasons to update.  But for many of you, there is one more reason to consider…

End of Support for 5.x

With all of these new features, and the roadmap we’re planning for 2014, something’s gotta give.  We’ve been making noise all year about the end of support for GForge 5.x, but this time we mean it.  With the release of GForge 6.3 in mid-October, we will no longer provide direct support for 5.x installs.  If at all possible, you should make plans to upgrade, like, now.  Go get the 6.3 snapshot from the Customer repository, fire up a VM copy of your GForge instance and go through the upgrade process.  Let us know what questions, problems and tricks you come across, because we want the upgrade to go smoothly when it’s time.