With regard to the following patch in Debian I'd recommend that we add to the issue template that we ask where users got their ownCloud from.
This is super dangerous stuff from Debian again. Can't call it otherwise. With 9.0 we can detect that since the question for the code integrity would return "Not enabled" instead of passed. But unluckily this is already 8.2.
(while skipping one version *might* work it is completely untested and I smell already users reporting very hard to debug bugs to us => Waste of time)
https://sources.debian.net/src/owncloud/8.2.2~dfsg-1/debian/patches/0009-Don-t-stop-update-over-several-major-versions.patch/
Let's ask the users to paste the signing status of their ownCloud instance. I went this way instead of simply asking "Has your instance passed code signing?" as a lot of users would probably simply answer "Yes" here.
If they paste the results of http://example.org/index.php/settings/integrity/failed the expected output is "No errors have been found.". Everything else indicates they tampered with their installation.
This prevents people to put their steps into the "Expected" section.
It is better to first read the steps to find out how users reached the
issue, then see what was expected and actually happened.