Launchpad itself

Non-admin team member can make the team a bug security contact.

Bug #133676 reported by Jonathan Knowles
6
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Medium
Curtis Hovey
Launchpad itself 10.05

Bug Description

It is currently possible for any member of a team to make that team a bug security contact. This may cause problems if a large team is registered as the security contact for a large project with frequent security bugs.

This is similar to, but not the same as, the problem described in bug 109652.

Only team admininstrators should have the power to register (or unregister) a team as a bug security contact.

Tags: lp-bugs qa-ok

Related branches

lp:~sinzui/launchpad/bug-contacts-1
Henning Eggers (community): Approve (code)
Diff: 980 lines (+510/-335)
9 files modified
lib/lp/bugs/browser/bugrole.py (+127/-0)
lib/lp/bugs/browser/bugsupervisor.py (+24/-96)
lib/lp/bugs/browser/securitycontact.py (+20/-24)
lib/lp/bugs/browser/tests/test_bugsupervisor.py (+167/-0)
lib/lp/bugs/browser/tests/test_securitycontact.py (+154/-0)
lib/lp/bugs/stories/bugs/xx-malone-security-contacts.txt (+6/-8)
lib/lp/bugs/stories/initial-bug-contacts/05-set-distribution-bugcontact.txt (+8/-71)
lib/lp/bugs/stories/initial-bug-contacts/10-set-upstream-bugcontact.txt (+0/-131)
lib/lp/bugs/stories/initial-bug-contacts/25-file-distribution-bug.txt (+4/-5)
Jonathan Knowles (jsk)
Changed in malone:
importance: Undecided → High
Revision history for this message
Christian Reis (kiko) wrote :

Hmmm. But hang on. Aren't only project owners/admins actually able to set up security contacts? If so, this bug has very limited impact.

Revision history for this message
Björn Tillenius (bjornt) wrote :

I'm lowering the priority of this bug, since as kiko points out, this bug has very limited impact.

Changed in malone:
importance: High → Medium
milestone: 1.1.11 → none
status: New → Confirmed
Curtis Hovey (sinzui)
Changed in malone:
assignee: nobody → Curtis Hovey (sinzui)
status: Triaged → In Progress
milestone: none → 10.05
Curtis Hovey (sinzui)
Changed in malone:
status: In Progress → Fix Committed
Revision history for this message
Ursula Junque (ursinha) wrote : Bug fixed by a commit

Fixed in stable r10918 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/10918>

tags: added: qa-needstesting
Curtis Hovey (sinzui)
tags: added: qa-ok
removed: qa-needstesting
Curtis Hovey (sinzui)
Changed in malone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.