naiveproxy/src/net/docs/bug-triage.md

# Chrome Network Bug Triage

The Chrome network team uses a two day bug triage rotation. The goal is to
review outstanding issues and keep things moving forward. The rotation is time
based rather than objective based. Sheriffs are expected to spend the majority
of their two days working on bug triage/investigation.

## 1. Review untriaged bugs

Look through [this list of untriaged
bugs](https://bugs.chromium.org/p/chromium/issues/list?sort=pri%20-stars%20-opened&q=status%3Aunconfirmed%2Cuntriaged%20-Needs%3DFeedback%20-Label%3ANetwork-Triaged%20-has:NextAction%20component%3DInternals%3ENetwork%2CInternals%3ENetwork%3ECache%2CInternals%3ENetwork%3ESSL%2CInternals%3ENetwork%3EQUIC%2CInternals%3ENetwork%3EAuth%2CInternals%3ENetwork%3EHTTP2%2CInternals%3ENetwork%3EProxy%2CInternals%3ENetwork%3ELibrary%2CInternals%3ENetwork%3ELogging%2CInternals%3ENetwork%3EConnectivity%2CInternals%3ENetwork%3EDomainSecurityPolicy%2CInternals%3ENetwork%3ETrustTokens%2CInternals%3ENetwork%3EFilters%2CInternals%3ENetwork%3EFTP%2CInternals%3ENetwork%3ESDCH).

The goal is for this query to be empty. Bugs can be removed from the triage queue
by doing any of the following:

* Changing the bug status - marking the bug Available, or closing it.
* Removing the `Internals>Network` component or subcomponent.
* Adding the label `Network-Triaged` (when there are multiple components).

For each bug try to:

* Remove the `Internals>Network` component or subcomponent if it belongs
  elsewhere
* Dupe it against an existing bug
* Close it as `WontFix`.
* Give the bug a priority. Refer to [this document for guidelines](https://docs.google.com/document/d/1JOtp1LS7suqTjMuv41jQFc7aCTR33zJKPoGjKpvVFCA)
* If the bug is a potential security issue (Allows for code execution from remote
  site, allows crossing security boundaries, unchecked array bounds, etc) mark
  it `Type-Bug-Security`.
* If the bug has privacy implications mark it with component `Privacy`.
* Set the type to `Task` or `Feature` when it is not a bug.
* Pay extra attention to possible regressions. Ask the reporter to narrow down using
  [bisect-builds-py](https://www.chromium.org/developers/bisect-builds-py). To
  view suspicious changelists in a regression window, you can use the Change Log
  form on [OmahaProxy](https://omahaproxy.appspot.com/)
* CC others who may be able to help
* Mark it as `Needs-Feedback` and request more information if needed.
* In cases where the bug has multiple components, but primary ownership falls
  outside of networking, further network triage may not be possible. In those
  cases, if possible remove the networking component. Otherwise, add the
  `Network-Triaged` label to the bug, and add a comment explaining which team
  should triage further. Adding the `Network-Triaged` serves to filter the
  bug from our untriaged bug list.
* Avoid spending time deep-diving into ambiguous issues when you suspect it is
  an out of scope server or network problem, and is not clearly high priority
  (for instance, it affects only 1 user and is not a regression).
  Instead:
  * Mark the bug as `Available` with Priority 3.
  * Add the `Needs-Feedback` label
  * Add a comment thanking the reporter, but explaining the issue is ambiguous
    and they need to do the debugging to demonstrate it is an actual Chrome bug.
    * Point them to `chrome://net-export` and the
      [NetLog Viewer](https://netlog-viewer.appspot.com/).
    * Ask them to confirm whether it is a Chromium regression. (Regressions are
      treated as high priority)
* Request a NetLog that captures the problem. You can paste this on the bug:
  ```
  Please collect and attach a chrome://net-export log.
  Instructions can be found here:
  https://chromium.org/for-testers/providing-network-details
  ```
* If a NetLog was provided, try to spend a bit of time reviewing it. See
  [crash-course-in-net-internals.md](crash-course-in-net-internals.md) for an
  introduction.
* Move to a subcomponent of `Internals>Network` if appropriate. See
  [bug-triage-labels.md](bug-triage-labels.md) for an overview of the components.
* If the bug is a crash, see [internal: Dealing with a crash
  ID](https://goto.google.com/network_triage_internal#dealing-with-a-crash-id)
and [internal: Investigating
crashers](https://goto.google.com/network_triage_internal#investigating-crashers)

## 2. Follow-up on issues with the Needs-Feedback label

Look through [this list of Needs=Feedback
bugs](https://bugs.chromium.org/p/chromium/issues/list?sort=pri%20-modified&q=Needs%3DFeedback%20component%3DInternals%3ENetwork%2CInternals%3ENetwork%3ECache%2CInternals%3ENetwork%3ESSL%2CInternals%3ENetwork%3EQUIC%2CInternals%3ENetwork%3EAuth%2CInternals%3ENetwork%3EHTTP2%2CInternals%3ENetwork%3EProxy%2CInternals%3ENetwork%3ELibrary%2CInternals%3ENetwork%3ELogging%2CInternals%3ENetwork%3EConnectivity%2CInternals%3ENetwork%3EDomainSecurityPolicy%2CInternals%3ENetwork%3ETrustTokens%2CInternals%3ENetwork%3EFilters%2CInternals%3ENetwork%3EFTP%2CInternals%3ENetwork%3ESDCH).

* If the requested feedback was provided, review the new information and repeat
  the same steps as (1) to re-triage based on the new information.
* If the bug had the `Needs-Feedback` label for over 30 days, and the
  feedback needed to make progress was not yet provided, archive the bug.

## 3. Ensure P0 and P1 bugs have an owner

Look through [the list of unowned high priority
bugs](https://bugs.chromium.org/p/chromium/issues/list?sort=pri%20-stars%20-opened&q=Pri%3A0%2C1%20-has%3Aowner%20-label%3ANetwork-Triaged%20component%3DInternals%3ENetwork%2CInternals%3ENetwork%3ECache%2CInternals%3ENetwork%3ESSL%2CInternals%3ENetwork%3EQUIC%2CInternals%3ENetwork%3EAuth%2CInternals%3ENetwork%3EHTTP2%2CInternals%3ENetwork%3EProxy%2CInternals%3ENetwork%3ELibrary%2CInternals%3ENetwork%3ELogging%2CInternals%3ENetwork%3EConnectivity%2CInternals%3ENetwork%3EDomainSecurityPolicy%2CInternals%3ENetwork%3ETrustTokens%2CInternals%3ENetwork%3EFilters%2CInternals%3ENetwork%3EFTP%2CInternals%3ENetwork%3ESDCH).
These bugs should either have an owner, or be downgraded to a lower priority.

## 4. (Optional) Look through crash reports

Top crashes will already be entered into the bug system by a different process,
so will be handled by the triage steps above.

However if you have time to look through lower threshold crashes, see
[internal: Looking for new crashers](https://goto.google.com/network_triage_internal#looking-for-new-crashers)

## 5. Send out a sheriff report

On the final day of your rotation, send a brief summary to net-dev@chromium.org
detailing any interesting or concerning trends. Do not discuss any restricted
bugs on the public mailing list.

## Covered bug components

Not all of the subcomponents of `Interals>Network` are handled by this rotation.

The ones that are included are:

```
Internals>Network
Internals>Network>Auth
Internals>Network>Cache
Internals>Network>Connectivity
Internals>Network>DomainSecurityPolicy
Internals>Network>Filters
Internals>Network>FTP
Internals>Network>HTTP2
Internals>Network>Library
Internals>Network>Logging
Internals>Network>Proxy
Internals>Network>QUIC
Internals>Network>SDCH
Internals>Network>SSL
Internals>Network>TrustTokens
```

The rest of the `Internals>Network` subcomponents are out of scope,
and covered by separate rotations:

```
Internals>Network>Certificate
Internals>Network>CertTrans
Internals>Network>Cookies
Internals>Network>DataProxy
Internals>Network>DataUse
Internals>Network>DNS
Internals>Network>DoH
Internals>Network>EV
Internals>Network>NetInfo
Internals>Network>NetworkQuality
Internals>Network>ReportingAndNEL
Internals>Network>VPN
```

## Management

* Your rotation will appear in Google Calendar as two days. You are expected to
  work on it full-time (as best you can) during those calendar days, during your
  ordinary working hours.

* Google Calendar [google.com_52n2p39ad82hah9v7j26vek830@group.calendar.google.com](https://calendar.google.com/calendar/embed?src=google.com_52n2p39ad82hah9v7j26vek830%40group.calendar.google.com&ctz=America%2FLos_Angeles)

* Owners for the network bug triage rotation can find instructions on
generating and modifying shifts
[here (internal-only)](https://goto.google.com/pflvb).

* An overview of bug trends can be seen on [Chromium
  Dashboard](https://chromiumdash.appspot.com/components/Internals/Network?project=Chromium)

* There is also an [internal dashboard with bug trends for Web
  Platform](https://goto.google.com/vufyq) that includes network issues.

* The issue tracker doesn't track any official mappings between components and
  OWNERS. This [internal document](https://goto.google.com/kojfj) enumerates
  the known owners for subcomponents.

* [Web Platform Team SLOs](https://docs.google.com/document/d/18ylPve6jd43m8B7Dil6xmS4G9MHL2_DhQon72je-O9o/edit)

* [Web Platform bug triage guidelines](https://docs.google.com/document/d/1JOtp1LS7suqTjMuv41jQFc7aCTR33zJKPoGjKpvVFCA)
Import chromium-90.0.4430.85 2021-05-20 19:50:53 +03:00			`# Chrome Network Bug Triage`

			`The Chrome network team uses a two day bug triage rotation. The goal is to`
			`review outstanding issues and keep things moving forward. The rotation is time`
			`based rather than objective based. Sheriffs are expected to spend the majority`
			`of their two days working on bug triage/investigation.`

			`## 1. Review untriaged bugs`

			`Look through [this list of untriaged`
			bugs](https://bugs.chromium.org/p/chromium/issues/list?sort=pri%20-stars%20-opened&q=status%3Aunconfirmed%2Cuntriaged%20-Needs%3DFeedback%20-Label%3ANetwork-Triaged%20-has:NextAction%20component%3DInternals%3ENetwork%2CInternals%3ENetwork%3ECache%2CInternals%3ENetwork%3ESSL%2CInternals%3ENetwork%3EQUIC%2CInternals%3ENetwork%3EAuth%2CInternals%3ENetwork%3EHTTP2%2CInternals%3ENetwork%3EProxy%2CInternals%3ENetwork%3ELibrary%2CInternals%3ENetwork%3ELogging%2CInternals%3ENetwork%3EConnectivity%2CInternals%3ENetwork%3EDomainSecurityPolicy%2CInternals%3ENetwork%3ETrustTokens%2CInternals%3ENetwork%3EFilters%2CInternals%3ENetwork%3EFTP%2CInternals%3ENetwork%3ESDCH).

			`The goal is for this query to be empty. Bugs can be removed from the triage queue`
			`by doing any of the following:`

			`* Changing the bug status - marking the bug Available, or closing it.`
			* Removing the `Internals>Network` component or subcomponent.
			* Adding the label `Network-Triaged` (when there are multiple components).

			`For each bug try to:`

			* Remove the `Internals>Network` component or subcomponent if it belongs
			`elsewhere`
			`* Dupe it against an existing bug`
			* Close it as `WontFix`.
			`* Give the bug a priority. Refer to [this document for guidelines](https://docs.google.com/document/d/1JOtp1LS7suqTjMuv41jQFc7aCTR33zJKPoGjKpvVFCA)`
			`* If the bug is a potential security issue (Allows for code execution from remote`
			`site, allows crossing security boundaries, unchecked array bounds, etc) mark`
			it `Type-Bug-Security`.
			* If the bug has privacy implications mark it with component `Privacy`.
			* Set the type to `Task` or `Feature` when it is not a bug.
			`* Pay extra attention to possible regressions. Ask the reporter to narrow down using`
			`[bisect-builds-py](https://www.chromium.org/developers/bisect-builds-py). To`
			`view suspicious changelists in a regression window, you can use the Change Log`
			`form on [OmahaProxy](https://omahaproxy.appspot.com/)`
			`* CC others who may be able to help`
			* Mark it as `Needs-Feedback` and request more information if needed.
			`* In cases where the bug has multiple components, but primary ownership falls`
			`outside of networking, further network triage may not be possible. In those`
			`cases, if possible remove the networking component. Otherwise, add the`
			`Network-Triaged` label to the bug, and add a comment explaining which team
			should triage further. Adding the `Network-Triaged` serves to filter the
			`bug from our untriaged bug list.`
			`* Avoid spending time deep-diving into ambiguous issues when you suspect it is`
			`an out of scope server or network problem, and is not clearly high priority`
			`(for instance, it affects only 1 user and is not a regression).`
			`Instead:`
			* Mark the bug as `Available` with Priority 3.
			* Add the `Needs-Feedback` label
			`* Add a comment thanking the reporter, but explaining the issue is ambiguous`
			`and they need to do the debugging to demonstrate it is an actual Chrome bug.`
			* Point them to `chrome://net-export` and the
			`[NetLog Viewer](https://netlog-viewer.appspot.com/).`
			`* Ask them to confirm whether it is a Chromium regression. (Regressions are`
			`treated as high priority)`
			`* Request a NetLog that captures the problem. You can paste this on the bug:`
			```
			`Please collect and attach a chrome://net-export log.`
			`Instructions can be found here:`
			`https://chromium.org/for-testers/providing-network-details`
			```
			`* If a NetLog was provided, try to spend a bit of time reviewing it. See`
			`[crash-course-in-net-internals.md](crash-course-in-net-internals.md) for an`
			`introduction.`
			* Move to a subcomponent of `Internals>Network` if appropriate. See
			`[bug-triage-labels.md](bug-triage-labels.md) for an overview of the components.`
			`* If the bug is a crash, see [internal: Dealing with a crash`
			`ID](https://goto.google.com/network_triage_internal#dealing-with-a-crash-id)`
			`and [internal: Investigating`
			`crashers](https://goto.google.com/network_triage_internal#investigating-crashers)`

			`## 2. Follow-up on issues with the Needs-Feedback label`

			`Look through [this list of Needs=Feedback`
			bugs](https://bugs.chromium.org/p/chromium/issues/list?sort=pri%20-modified&q=Needs%3DFeedback%20component%3DInternals%3ENetwork%2CInternals%3ENetwork%3ECache%2CInternals%3ENetwork%3ESSL%2CInternals%3ENetwork%3EQUIC%2CInternals%3ENetwork%3EAuth%2CInternals%3ENetwork%3EHTTP2%2CInternals%3ENetwork%3EProxy%2CInternals%3ENetwork%3ELibrary%2CInternals%3ENetwork%3ELogging%2CInternals%3ENetwork%3EConnectivity%2CInternals%3ENetwork%3EDomainSecurityPolicy%2CInternals%3ENetwork%3ETrustTokens%2CInternals%3ENetwork%3EFilters%2CInternals%3ENetwork%3EFTP%2CInternals%3ENetwork%3ESDCH).

			`* If the requested feedback was provided, review the new information and repeat`
			`the same steps as (1) to re-triage based on the new information.`
			* If the bug had the `Needs-Feedback` label for over 30 days, and the
			`feedback needed to make progress was not yet provided, archive the bug.`

			`## 3. Ensure P0 and P1 bugs have an owner`

			`Look through [the list of unowned high priority`
			bugs](https://bugs.chromium.org/p/chromium/issues/list?sort=pri%20-stars%20-opened&q=Pri%3A0%2C1%20-has%3Aowner%20-label%3ANetwork-Triaged%20component%3DInternals%3ENetwork%2CInternals%3ENetwork%3ECache%2CInternals%3ENetwork%3ESSL%2CInternals%3ENetwork%3EQUIC%2CInternals%3ENetwork%3EAuth%2CInternals%3ENetwork%3EHTTP2%2CInternals%3ENetwork%3EProxy%2CInternals%3ENetwork%3ELibrary%2CInternals%3ENetwork%3ELogging%2CInternals%3ENetwork%3EConnectivity%2CInternals%3ENetwork%3EDomainSecurityPolicy%2CInternals%3ENetwork%3ETrustTokens%2CInternals%3ENetwork%3EFilters%2CInternals%3ENetwork%3EFTP%2CInternals%3ENetwork%3ESDCH).
			`These bugs should either have an owner, or be downgraded to a lower priority.`

			`## 4. (Optional) Look through crash reports`

			`Top crashes will already be entered into the bug system by a different process,`
			`so will be handled by the triage steps above.`

			`However if you have time to look through lower threshold crashes, see`
			`[internal: Looking for new crashers](https://goto.google.com/network_triage_internal#looking-for-new-crashers)`

			`## 5. Send out a sheriff report`

			`On the final day of your rotation, send a brief summary to net-dev@chromium.org`
			`detailing any interesting or concerning trends. Do not discuss any restricted`
			`bugs on the public mailing list.`

			`## Covered bug components`

			Not all of the subcomponents of `Interals>Network` are handled by this rotation.

			`The ones that are included are:`

			```
			`Internals>Network`
			`Internals>Network>Auth`
			`Internals>Network>Cache`
			`Internals>Network>Connectivity`
			`Internals>Network>DomainSecurityPolicy`
			`Internals>Network>Filters`
			`Internals>Network>FTP`
			`Internals>Network>HTTP2`
			`Internals>Network>Library`
			`Internals>Network>Logging`
			`Internals>Network>Proxy`
			`Internals>Network>QUIC`
			`Internals>Network>SDCH`
			`Internals>Network>SSL`
			`Internals>Network>TrustTokens`
			```

			The rest of the `Internals>Network` subcomponents are out of scope,
			`and covered by separate rotations:`

			```
			`Internals>Network>Certificate`
			`Internals>Network>CertTrans`
			`Internals>Network>Cookies`
			`Internals>Network>DataProxy`
			`Internals>Network>DataUse`
			`Internals>Network>DNS`
			`Internals>Network>DoH`
			`Internals>Network>EV`
			`Internals>Network>NetInfo`
			`Internals>Network>NetworkQuality`
			`Internals>Network>ReportingAndNEL`
			`Internals>Network>VPN`
			```

			`## Management`

			`* Your rotation will appear in Google Calendar as two days. You are expected to`
			`work on it full-time (as best you can) during those calendar days, during your`
			`ordinary working hours.`

			`* Google Calendar [google.com_52n2p39ad82hah9v7j26vek830@group.calendar.google.com](https://calendar.google.com/calendar/embed?src=google.com_52n2p39ad82hah9v7j26vek830%40group.calendar.google.com&ctz=America%2FLos_Angeles)`

			`* Owners for the network bug triage rotation can find instructions on`
			`generating and modifying shifts`
			`[here (internal-only)](https://goto.google.com/pflvb).`

			`* An overview of bug trends can be seen on [Chromium`
			`Dashboard](https://chromiumdash.appspot.com/components/Internals/Network?project=Chromium)`

			`* There is also an [internal dashboard with bug trends for Web`
			`Platform](https://goto.google.com/vufyq) that includes network issues.`

			`* The issue tracker doesn't track any official mappings between components and`
			`OWNERS. This [internal document](https://goto.google.com/kojfj) enumerates`
			`the known owners for subcomponents.`

			`* [Web Platform Team SLOs](https://docs.google.com/document/d/18ylPve6jd43m8B7Dil6xmS4G9MHL2_DhQon72je-O9o/edit)`

			`* [Web Platform bug triage guidelines](https://docs.google.com/document/d/1JOtp1LS7suqTjMuv41jQFc7aCTR33zJKPoGjKpvVFCA)`