Jump to content

Holistic Expert.

An holistic expert is someone that have the experience and skill of multiple areas so they can see things from a holistic perspective. Most people have experience from two or three areas, which is a source of great strength as you can see and understand the work from more then one perspective. I have many years hands-on experience from all of the main areas of the build process.

I started as a frontend developer and designer way back in 1996, started my own hosting and webdesign company in 2006, was hired as a conversion expert with speciality in psychology in 2011, tester in 2013, teamlead and scrum master in 2015 and then Atlassian expert with speciality in work processes since 2016. I build and train people in portfolio management and I have a keen interest in security and legal matters.

No matter what roles you put in a room I can discuss any topic and understand the pain points of everyone in the room. This is my greatest strength as an Holistc Expert.

My Personal Blog

Videos

Last Active Community Blog

  1. A-Critical

    A group blog by A-critical in Atlassian Related
    • 5 Entries
    • 1 Comment
    • 1821 Views

    Atlassian is great, but on occasion they let out some shady things that we should point out to keep Atlassian true to their five values: Open Company, No bullshit, Build with heart and balance, Don’t #@!% the customer, Play, as a team, Be the change you seek. When this happens, then we post about it here with the intent to make Atlassian aware of when things slip through so they can correct it.

    Jimi Wikman

    In March 2007 the Atlassian community created two suggestion tickets to Atlassian that there is a need for change logs when users edit the comments field. This was a change that was introduced at that time and people quickly noticed that for compliance reasons during audits, there has to be a trace of changes made to a comment and what changes were made.

    The problem as described back in 2007

    Problem Definition

    JIRA-1100 introduced editable comments. This is great. When our security officer reviewed the feature he wanted access to the change history, which would be important in the event of a security audit. It appears that there is no way to view comment history.

    Suggested Solution

    The ability to view comment change history. Ideally, this would be implemented such that a new permission was added 'View comment change history' so that its implementation could be configured at the site level.

     

    How Atlassian handled these tickets

    On October 13th the first ticket, which is for Cloud, was closed for this request, after 17 years (!) with no action taken. You can see the ticket here: https://jira.atlassian.com/browse/JRACLOUD-12400

    image.png

    This was followed up with a corresponding closure of the ticket for Server and Data Center a few days later on October 17th. That ticket can be found here: https://jira.atlassian.com/browse/JRASERVER-12400

    image.png

     

    This is bad for all forms of audit or control of content

    Not only is this a devastating blow towards companies that need this to maintain audit trails for what happens inside a ticket or task, but it is also one of the many reasons why you should never use Jira as a requirement tool. Without the ability to actually trace what happens in a ticket or task, you can never use it in any form of legal context as the content is not tracked with change logs.

    It is a bit strange that Atlassian do not want to implement this as this is already in place for Description and pretty much any other field that exist in Jira. It seems it is ONLY the comments field where this is not added (please correct me if there are other fields). So why is it so hard to implement for comments?

    One thing that is being referenced is that there are permissions related to comments and because you have comments internally and externally there could be situations where you do not want the original content to show in a change log. This makes no sense to me because the change log already should have this built in because there are other areas that also have permissions connected to them, and they don't seem to have any issues.

    It is not hard to add permission data to content such as a change log to ensure the changes are seen only by people that should be able to see it. It is also not difficult to add another permission for who can see the change log for comment changes.

    Atlassian is just not interested in changing unsexy things like comments as they want to build new cool features instead. This is quite obvious from the many tickets never being touched that relates to basic functionality that should be standard in an enterprise platform.

    No traceability for comments, so what?

    I see this comment a lot in those tickets as well. Why do we need to keep track of what is written in the comments anyway, who cares? Well, there are actually many use cases for this.

    For Jira Service Management it is not uncommon that support agents, or customers send sensitive data in comments, even though they should not. This could for example be a password or a token used in a product. If there is a breach, and it leads to a legal situation, then obviously you need to be able to see if a support agent is at fault or not. If all you see if that a comment has been edited, but not in what way, this can cause an issue.

    Yes, you can dig this up in the mail logs and customer notification logs, but only if they are still available and if it is possible to retrieve them. In some cases a ticket might even be moved to another project if there is no proper escalation process and then the content of the ticket changes, and it is even harder to find the emails and customer notifications will not even exist for that ticket in the new project.

    It can also be that you have claims of insult or inappropriate behavior in the comments and if you are in a Jira project and this was some time back, then it will be hard to find in the logs and to know what was actually written.

    In some cases people are using comments as a requirement field (yes, I know that this is borderline insanity, but it happens). In that case you might have serious issues with contracts if the requirements change with no traceability of what or when. This is also true if you use comments for approvals (again, very bad practice) and a hundred other things that take place in the comments.

    What can you do to mitigate this?

    If you really need this then you are basically forced to either buy an app or be very creative with automations and custom fields.

    There is an app called Issue History for Jira that is listed in the comments in one of these tickets and with this you can see all kind of activities that happens in a ticket. This app is not exactly free, and it is a bit puzzling to me as to why this is not bought up by Atlassian and placed into the core Jira product.

    If you want to take the "free" route then you can try to create an automation that save comments on create and also make new saves based on comments edited. It would probably be best to add this to Assets since you will basically see a doubling of content and then any changes on top of that, so you will have quite a lot of entries added. Just consider the new consumption based pricing for Assets which will make that solution as expensive or not more compared to an app...

    Conclusion: Atlassian does not care about legal requirements, unless they have to?

    Ignoring a real legal requirement that many users have is bad, and it does not look good on a company that claim to be an Enterprise solution. Leaving this open for 17 years and in that time they must have reworked the comments functions dozens of times and still they did not put any perceivable efforts into adding a basic functionality such as traceability for customer communication?

    I am sorry, but that is just sloppy and a blatant disregard for legal requirements that their users face globally today.

     

    This feels like a clear breach of Don’t #@!% the customer.

    Recent Entries

Topics from the Forums

Our Active Clubs

Latest Activities

  1. Atlassian Intelligence generates incident summaries, which can help on-call teams save time and reduce the manual effort involved in creating post-incident reviews (PIRs). Select a relevant incident and use the AI-generated suggestions to create and finalize the PIR description. Read more about creating PIRs with Atlassian Intelligence. View full product update

Articles