Launchpad itself

Merge lp:~jcsackett/launchpad/private-bugs-without-supervision into lp:launchpad

private-bugs-without-supervision
Merge into devel

Proposed by j.c.sackett on 2012-04-17

Status:

Merged

Approved by:

Curtis Hovey on 2012-04-17

Approved revision:

no longer in the source branch.

Merged at revision:

15113

Proposed branch:

lp:~jcsackett/launchpad/private-bugs-without-supervision

Merge into:

lp:launchpad

Diff against target:

725 lines (+103/-296)

9 files modified

lib/lp/bugs/doc/bugnotification-sending.txt (+6/-1)
lib/lp/bugs/doc/bugsubscription.txt (+11/-27)
lib/lp/bugs/doc/initial-bug-contacts.txt (+1/-15)
lib/lp/bugs/doc/security-teams.txt (+1/-38)
lib/lp/bugs/model/bug.py (+31/-97)
lib/lp/bugs/model/tests/test_bug.py (+40/-108)
lib/lp/bugs/tests/test_bug_mirror_access_triggers.py (+6/-2)
lib/lp/bugs/tests/test_bugvisibility.py (+7/-1)
lib/lp/services/features/flags.py (+0/-7)

To merge this branch:

bzr merge lp:~jcsackett/launchpad/private-bugs-without-supervision

Critical

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Curtis Hovey (community)	code	2012-04-17	Approve on 2012-04-17
Review via email: mp+102366@code.launchpad.net

This proposal supersedes a proposal from 2012-04-11.

Commit message

Fixes subscription problems when transitioning a bug to non-public information types. Also removes the unused reconcileSubscribers code involved in the transition code.

Description of the change

Summary
=======
The constantly changing setup of subscription and privacy rules led to a
regression, wherein a person marking a bug private would lose access to the
bug, preventing privacy from happening. Because we put the subscriber
reconcilation behind a feature flag and didn't activate it, the absence of a
bug supervisor prevents marking bugs private.

This branch ensures that:
* The bug reporter stays attached
* The bug assignee stays attached
* The bug supervisor is attached if it exists
* The pillar maintainer is attached if the supervisor doesn't exist

Preimp
======
Spoke with Curtis Hovey

Implementation
==============
The reconcileSubscribers, method, which is put behind a feature flag, is
removed as the implementation is now out of date and is unlikely to ever be
enabled. The flag and flag related checks are also removed.

The no f_flag fallback has been cleaned up; it now ensures the bug
supervisor/maintainer fallback works, and ensure the other expected
subscriptions.

A *number* of tests have been updated; they relied on the feature flag being
set, and weren't valid as they were. In some cases entire tests have been
removed, as they were testing for behavior that never existed without the flag,
which was never enabled anywhere.

Tests
=====
bin/test -vvct test_bug.*PrivateAndSecurityRelated

QA
==
Look at the setup in the bug; that should work.

Lint
====

Checking for conflicts and issues in changed files.

Linting changed files:
  lib/lp/bugs/tests/test_bugvisibility.py
  lib/lp/bugs/model/bug.py
  lib/lp/services/features/flags.py

Revision history for this message

Curtis Hovey (sinzui) wrote on 2012-04-11: Posted in a previous version of this proposal

This branch reproduces the situation that drove William to put it behind the feature flag to kill it. Let's not repeat this mistake again.

These rules cannot apply to Ubuntu. it's bug supervisor does not get automatic access to private bugs, this is why we spent an extra three months to create 3 sharing policies instead of one, Ubuntu is not like any other project in Lp. Ubuntu's maintainer does not get access to private or security bugs. recall the success criteria for sharing is that that maintainer (or us) can setup Ubuntu so that ubuntu-security is the only party that can see embargoed security bugs, and apport is the only party that can see user data bugs.

There is, or was, code that checked that the project has .private_bugs or .hasCurrentCommercialSubscription() which we know will be working with private bugs. I am not certain we want check these attributes. Maybe we should just check if the pillar is not Ubuntu -- I do not think any other project took advantage of Lp defects to create policies different from what is documented.

review: Needs Fixing (code)

Revision history for this message

j.c.sackett (jcsackett) wrote on 2012-04-11: Posted in a previous version of this proposal

> This branch reproduces the situation that drove William to put it behind the
> feature flag to kill it. Let's not repeat this mistake again.
>
> These rules cannot apply to Ubuntu. it's bug supervisor does not get automatic
> access to private bugs, this is why we spent an extra three months to create 3
> sharing policies instead of one, Ubuntu is not like any other project in Lp.
> Ubuntu's maintainer does not get access to private or security bugs. recall
> the success criteria for sharing is that that maintainer (or us) can setup
> Ubuntu so that ubuntu-security is the only party that can see embargoed
> security bugs, and apport is the only party that can see user data bugs.

That's a little perplexing; if look at the deleted clause starting on line 19, you can see that the supervisor is already being given access to USERDATA bugs. So if that was the mistake, it was not resolved by the feature flag. I can certainly make the check for Ubuntu, but I want to be clear that it's an additional change from the current behavior (not that there's anything wrong with that).

> There is, or was, code that checked that the project has .private_bugs or
> .hasCurrentCommercialSubscription() which we know will be working with private
> bugs. I am not certain we want check these attributes. Maybe we should just
> check if the pillar is not Ubuntu -- I do not think any other project took
> advantage of Lp defects to create policies different from what is documented.

I'm going to vote for "was". Or, possibly, that check is only being done on bug creation. I think just adding a check for the pillar being Ubuntu is sufficient--we already special case that, so it doesn't feel too wrong to make that check.

I will update the code so that if the pillar is Ubuntu, the bug supervisor is not given access to USERDATA bugs.

Revision history for this message

Curtis Hovey (sinzui) wrote on 2012-04-11: Posted in a previous version of this proposal

We discusses this on IRC. The issue is that while we think the rules for Ubuntu are wrong at this moment, Ubuntu has not reported any issue with changing bugs to private, only projects have this issue. Maybe this is not an issue because apport does not using this path through the code. We will talk with the purple squad to resolve this.

review: Needs Information (code)

Revision history for this message

Curtis Hovey (sinzui) wrote on 2012-04-11: Posted in a previous version of this proposal

We discussed this and believe your change is correct. This is good to land.

review: Approve (code)

Revision history for this message

j.c.sackett (jcsackett) wrote on 2012-04-17:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here's a clean diff of just what's changed since the previously
approved MP.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPjbI4AAoJEJvCBZ3E2NUPRvkH/iKGm03AAwiU4ftu2Crgb872
sBgMsDUKeDKcrvZqZC7U14OtMLeQew6Fuha6rUZghjHW+m+kQinyclKl6zdtZZAj
7zlcok4eNYQP2UMXp19OJIQkW1RUQPLqzA8x1og7Lz+KggiaSxtD9fG/QE4msGoE
vqGy59tJMZx3FwBmlsQzowNFHcQlFYNeUYGa80r7zx0ZfXJZoBnxc6RMjP5FGQwL
wk1aq20sRzfhKZxCz9aR/fP4JEAxjpqFN5/jaVgSM8TL8yU7UhHalofDwEyfm+iA
hvjjds4/gv+sjkfO/ckMQIx9hSkNqjekeKnzfLwQs4GCKPdrJ8jCuKwoAzl923k=
=RZ+X
-----END PGP SIGNATURE-----

clean.diff

Revision history for this message

Curtis Hovey (sinzui) wrote on 2012-04-17:

Thank you very very much.

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

j.c.sackett

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

 === modified file 'lib/lp/bugs/doc/bugnotification-sending.txt'
 --- lib/lp/bugs/doc/bugnotification-sending.txt	2012-04-17 17:59:54 +0000
 +++ lib/lp/bugs/doc/bugnotification-sending.txt	2012-04-17 18:01:41 +0000
@@ -756,9 +756,10 @@
      >>> for message in trigger_and_get_email_messages(bug_three):
      ...     print message['To'], message.get_all('X-Launchpad-Bug-Private')
++    foo.bar@canonical.com ['yes']
++    mark@example.com ['yes']
      test@canonical.com ['yes']
--
  The X-Launchpad-Bug-Security-Vulnerability header
  -------------------------------------------------
@@ -772,6 +773,8 @@
      >>> for message in trigger_and_get_email_messages(bug_three):
      ...     print message['To'], (
      ...         message.get_all('X-Launchpad-Bug-Security-Vulnerability'))
++    foo.bar@canonical.com ['no']
++    mark@example.com ['no']
      test@canonical.com ['no']
  The presence of the security flag on a bug is, surprise, denoted by a
@@ -786,6 +789,8 @@
      >>> for message in trigger_and_get_email_messages(bug_three):
      ...     print message['To'], (
      ...         message.get_all('X-Launchpad-Bug-Security-Vulnerability'))
++    foo.bar@canonical.com ['yes']
++    mark@example.com ['yes']
      test@canonical.com ['yes']
 === modified file 'lib/lp/bugs/doc/bugsubscription.txt'
 --- lib/lp/bugs/doc/bugsubscription.txt	2012-04-17 17:58:37 +0000
 +++ lib/lp/bugs/doc/bugsubscription.txt	2012-04-17 18:01:41 +0000
@@ -380,17 +380,7 @@
      ()
  When a bug is marked private, specific people like the bugtask bug supervisors
--will be automatically subscribed, and only specifically allowed existing
--direct subscribers (eg bugtask pillar maintainers) will remain subscribed.
--
--We currently use a feature flag to control who is subscribed when a bug is
--made private.
--
--    >>> from lp.services.features.testing import FeatureFixture
--    >>> feature_flag = {
--    ...     'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'}
--    >>> flags = FeatureFixture(feature_flag)
--    >>> flags.setUp()
++will be automatically subscribed.
      >>> from zope.event import notify
@@ -438,26 +428,20 @@
      >>> print_displayname(linux_source_bug.getDirectSubscribers())
      Foo Bar
      Mark Shuttleworth
++    Robert Collins
++    Ubuntu Team
      >>> print_displayname(linux_source_bug.getIndirectSubscribers())
      Martin Pitt
      No Privileges Person
--    Robert Collins
      Sample Person
      Scott James Remnant
--    Ubuntu Team
      >>> print_displayname(linux_source_bug.getAlsoNotifiedSubscribers())
      Martin Pitt
      No Privileges Person
--    Robert Collins
      Sample Person
      Scott James Remnant
--    Ubuntu Team
--
--Clean up the feature flag.
--
--    >>> flags.cleanUp()
  To find out which email addresses should receive a notification email on
  a bug, and why, IBug.getBugNotificationRecipients() assembles an
@@ -472,8 +456,8 @@
      [('foo.bar@canonical.com', 'Subscriber'),
       ('mark@example.com', 'Subscriber'),
       ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'),
--     ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'),
--     ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'),
++     ('robertc@robertcollins.net', 'Subscriber'),
++     ('support@ubuntu.com', u'Subscriber @ubuntu-team'),
       ('test@canonical.com', 'Assignee')]
  If IBug.getBugNotificationRecipients() is passed a  BugNotificationLevel
@@ -486,8 +470,8 @@
      >>> [(address, recipients.getReason(address)[1]) for address in addresses]
      [('foo.bar@canonical.com', 'Subscriber'),
       ('mark@example.com', 'Subscriber'),
--     ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'),
--     ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'),
++     ('robertc@robertcollins.net', 'Subscriber'),
++     ('support@ubuntu.com', u'Subscriber @ubuntu-team'),
       ('test@canonical.com', 'Assignee')]
  When Sample Person is unsubscribed from linux_source_bug, he is no
@@ -501,8 +485,8 @@
      >>> [(address, recipients.getReason(address)[1]) for address in addresses]
      [('foo.bar@canonical.com', 'Subscriber'),
       ('mark@example.com', 'Subscriber'),
--     ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'),
--     ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'),
++     ('robertc@robertcollins.net', 'Subscriber'),
++     ('support@ubuntu.com', u'Subscriber @ubuntu-team'),
       ('test@canonical.com', 'Assignee')]
  ...but remains included for the level LIFECYCLE.
@@ -515,8 +499,8 @@
      [('foo.bar@canonical.com', 'Subscriber'),
       ('mark@example.com', 'Subscriber'),
       ('no-priv@canonical.com', u'Subscriber (linux-source-2.6.15 in Ubuntu)'),
--     ('robertc@robertcollins.net', u'Subscriber (Mozilla Firefox)'),
--     ('support@ubuntu.com', u'Subscriber (Ubuntu) @ubuntu-team'),
++     ('robertc@robertcollins.net', 'Subscriber'),
++     ('support@ubuntu.com', u'Subscriber @ubuntu-team'),
       ('test@canonical.com', 'Assignee')]
  To find out if someone is already directly subscribed to a bug, call
 === modified file 'lib/lp/bugs/doc/initial-bug-contacts.txt'
 --- lib/lp/bugs/doc/initial-bug-contacts.txt	2012-04-17 17:58:37 +0000
 +++ lib/lp/bugs/doc/initial-bug-contacts.txt	2012-04-17 18:01:41 +0000
@@ -288,16 +288,6 @@
       u'Sample Person', u'Steve Alexander', u'Ubuntu Gnome Team',
       u'Ubuntu Team']
--
--We currently use a feature flag to control who is subscribed when a bug is
--made private.
--
--    >>> from lp.services.features.testing import FeatureFixture
--    >>> feature_flag = {
--    ...     'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'}
--    >>> flags = FeatureFixture(feature_flag)
--    >>> flags.setUp()
--
  If a bug is private, no changes are made to the subscriber list when a
  bug is reassigned to a different package.
@@ -329,13 +319,9 @@
  the unallowed subscribers are removed:
      >>> subscriber_names(bug_one_in_ubuntu_firefox.bug)
--    [u'Foo Bar', u'Mark Shuttleworth', u'Sample Person',
++    [u'Foo Bar', u'Sample Person',
       u'Steve Alexander', u'Ubuntu Team']
--Clean up the feature flag.
--
--    >>> flags.cleanUp()
--
  Product Bug Supervisors and Bug Tasks
  -------------------------------------
 === modified file 'lib/lp/bugs/doc/security-teams.txt'
 --- lib/lp/bugs/doc/security-teams.txt	2012-04-17 17:58:37 +0000
 +++ lib/lp/bugs/doc/security-teams.txt	2012-04-17 18:01:41 +0000
@@ -280,17 +280,7 @@
  When a bug becomes security-related, the security contacts for the pillars it
--affects are subscribed to it. This happens regardless of whether the feature
--flag is set.
--
--We currently use a feature flag to control who is subscribed when a bug is
--made security related.
--
--    >>> from lp.services.features.testing import FeatureFixture
--    >>> feature_flag = {
--    ...     'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'}
--    >>> security_flags = FeatureFixture(feature_flag)
--    >>> security_flags.setUp()
++affects are subscribed to it.
      >>> from zope.event import notify
      >>> from lazr.lifecycle.event import ObjectModifiedEvent
@@ -317,30 +307,3 @@
      Bug Reporter
      Distribution Security Contact
      Product Security Contact
--
--Clean up the feature flag.
--
--    >>> security_flags.cleanUp()
--
--And once more without the feature flag.
--
--    >>> product = factory.makeProduct()
--    >>> product.security_contact = factory.makePerson(
--    ...     displayname='Product Security Contact')
--    >>> distribution = factory.makeDistribution()
--    >>> distribution.security_contact = factory.makePerson(
--    ...     displayname='Distribution Security Contact')
--    >>> reporter = factory.makePerson(displayname=u'Bug Reporter')
--    >>> bug = factory.makeBug(product=product, owner=reporter)
--    >>> bug.addTask(owner=reporter, target=distribution)
--    <BugTask ...>
--    >>> old_state = Snapshot(bug, providing=IBug)
--    >>> bug.setSecurityRelated(True, getUtility(ILaunchBag).user)
--    True
--    >>> notify(ObjectModifiedEvent(bug, old_state, ['security_related']))
--    >>> for subscriber_name in sorted(
--    ...     s.displayname for s in bug.getDirectSubscribers()):
--    ...         print subscriber_name
--    Bug Reporter
--    Distribution Security Contact
--    Product Security Contact
 === modified file 'lib/lp/bugs/model/bug.py'
 --- lib/lp/bugs/model/bug.py	2012-04-17 18:00:24 +0000
 +++ lib/lp/bugs/model/bug.py	2012-04-17 18:01:41 +0000
@@ -1740,9 +1740,11 @@
          if information_type in PRIVATE_INFORMATION_TYPES:
              self.who_made_private = who
              self.date_made_private = UTC_NOW
++            missing_subscribers = set([who, self.owner])
          else:
              self.who_made_private = None
              self.date_made_private = None
++            missing_subscribers = set()
          # XXX: This should be a bulk update. RBC 20100827
          # bug=https://bugs.launchpad.net/storm/+bug/625071
          for attachment in self.attachments_unpopulated:
@@ -1751,7 +1753,6 @@
          self.updateHeat()
          # There are several people we need to ensure are subscribed.
--        missing_subscribers = set([who, self.owner])
          # If the information type is userdata, we need to check for bug
          # supervisors who aren't subscribed and should be. If there is no
          # bug supervisor, we need to subscribe the maintainer.
@@ -1774,8 +1775,10 @@
                      missing_subscribers.add(pillar.owner)
          for s in missing_subscribers:
--            subscriptions = get_structural_subscriptions_for_bug(self, s)
--            if subscriptions.is_empty():
++            # Don't subscribe someone if they're already subscribed via a
++            # team.
++            already_subscribed_teams = self.getSubscribersForPerson(s)
++            if already_subscribed_teams.is_empty():
                  self.subscribe(s, who)
          self.information_type = information_type
 === modified file 'lib/lp/bugs/model/tests/test_bug.py'
 --- lib/lp/bugs/model/tests/test_bug.py	2012-04-17 18:00:24 +0000
 +++ lib/lp/bugs/model/tests/test_bug.py	2012-04-17 18:01:41 +0000
@@ -567,14 +567,6 @@
      layer = DatabaseFunctionalLayer
--    def setUp(self):
--        super(TestBugPrivateAndSecurityRelatedUpdatesMixin, self).setUp()
--        f_flag_str = 'disclosure.enhanced_private_bug_subscriptions.enabled'
--        feature_flag = {f_flag_str: 'on'}
--        flags = FeatureFixture(feature_flag)
--        flags.setUp()
--        self.addCleanup(flags.cleanUp)
--
      def test_setPrivate_subscribes_person_who_makes_bug_private(self):
          # When setPrivate(True) is called on a bug, the person who is
          # marking the bug private is subscribed to the bug.
@@ -589,8 +581,8 @@
          # marking the bug private will not be subscribed if they're
          # already a member of a team which is a direct subscriber.
          bug = self.factory.makeBug()
--        team = self.factory.makeTeam()
--        person = team.teamowner
++        person = self.factory.makePerson(name='teamowner')
++        team = self.factory.makeTeam(owner=person, name='team')
          with person_logged_in(person):
              bug.subscribe(team, person)
              bug.setPrivate(True, person)
@@ -632,78 +624,71 @@
          return (bug, bug_owner, naked_bugtask_a, naked_bugtask_b,
                  naked_default_bugtask)
--    def test_setPrivateTrueAndSecurityRelatedTrue(self):
--        # When a bug is marked as private=true and security_related=true, the
--        # direct subscribers should include:
++    def test_transition_to_EMBARGOEDSECURITY_information_type(self):
++        # When a bug is marked as EMBARGOEDSECURITY, the direct subscribers
++        # should include:
          # - the bug reporter
          # - the bugtask pillar security contacts (if set)
          # - the person changing the state
          # - and bug/pillar owners, drivers if they are already subscribed
--        # If the bug is for a private project, then other direct subscribers
--        # should be unsubscribed.
          (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = (
              self.createBugTasksAndSubscribers())
          initial_subscribers = set((
--            self.factory.makePerson(), bugtask_a.owner, bug_owner,
--            bugtask_a.pillar.security_contact, bugtask_a.pillar.driver))
++            self.factory.makePerson(name='subscriber'), bugtask_a.owner,
++            bug_owner, bugtask_a.pillar.security_contact,
++            bugtask_a.pillar.driver))
++        initial_subscribers.update(bug.getDirectSubscribers())
          with person_logged_in(bug_owner):
              for subscriber in initial_subscribers:
                  bug.subscribe(subscriber, bug_owner)
--            who = self.factory.makePerson()
++            who = self.factory.makePerson(name='who')
              bug.transitionToInformationType(
                  InformationType.EMBARGOEDSECURITY, who=who)
              subscribers = bug.getDirectSubscribers()
++            initial_subscribers.update(bug.getDirectSubscribers())
          expected_subscribers = set((
              bugtask_a.owner,
--            default_bugtask.pillar.bug_supervisor,
              default_bugtask.pillar.driver,
              default_bugtask.pillar.security_contact,
              bug_owner, who))
--        if not self.private_project:
--            expected_subscribers.update(initial_subscribers)
++        expected_subscribers.update(initial_subscribers)
          self.assertContentEqual(expected_subscribers, subscribers)
--    def test_setPrivateTrueAndSecurityRelatedFalse(self):
--        # When a bug is marked as private=true and security_related=false, the
--        # direct subscribers should include:
++    def test_transition_to_USERDATA_information_type(self):
++        # When a bug is marked as USERDATA, the direct subscribers should
++        # include:
          # - the bug reporter
          # - the bugtask pillar bug supervisors (if set)
          # - the person changing the state
          # - and bug/pillar owners, drivers if they are already subscribed
--        # If the bug is for a private project, then other direct subscribers
--        # should be unsubscribed.
          (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = (
              self.createBugTasksAndSubscribers(private_security_related=True))
          initial_subscribers = set((
--            self.factory.makePerson(), bug_owner,
++            self.factory.makePerson(name='subscriber'), bug_owner,
              bugtask_a.pillar.security_contact, bugtask_a.pillar.driver))
          with person_logged_in(bug_owner):
              for subscriber in initial_subscribers:
                  bug.subscribe(subscriber, bug_owner)
--            who = self.factory.makePerson()
++            who = self.factory.makePerson(name='who')
              bug.transitionToInformationType(InformationType.USERDATA, who)
              subscribers = bug.getDirectSubscribers()
          expected_subscribers = set((
              default_bugtask.pillar.bug_supervisor,
              default_bugtask.pillar.driver,
              bug_owner, who))
--        if not self.private_project:
--            expected_subscribers.update(initial_subscribers)
--            expected_subscribers.remove(bugtask_a.pillar.security_contact)
++        expected_subscribers.update(initial_subscribers)
          self.assertContentEqual(expected_subscribers, subscribers)
--    def test_setPrivateFalseAndSecurityRelatedTrue(self):
--        # When a bug is marked as private=false and security_related=true, the
--        # direct subscribers should include:
++    def test_transition_to_UNEMBARGOEDSECURITY_information_type(self):
++        # When a security bug is unembargoed, direct subscribers should
++        # include:
          # - the bug reporter
          # - the bugtask pillar security contacts (if set)
          # - and bug/pillar owners, drivers if they are already subscribed
--        # If the bug is for a private project, then other direct subscribers
--        # should be unsubscribed.
          (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = (
              self.createBugTasksAndSubscribers(private_security_related=True))
@@ -715,7 +700,7 @@
          with person_logged_in(bug_owner):
              for subscriber in initial_subscribers:
                  bug.subscribe(subscriber, bug_owner)
--            who = self.factory.makePerson()
++            who = self.factory.makePerson(name='who')
              bug.transitionToInformationType(
                  InformationType.UNEMBARGOEDSECURITY, who)
              subscribers = bug.getDirectSubscribers()
@@ -723,36 +708,33 @@
              default_bugtask.pillar.driver,
              default_bugtask.pillar.security_contact,
              bug_owner))
--        if not self.private_project:
--            expected_subscribers.update(initial_subscribers)
--            expected_subscribers.remove(default_bugtask.pillar.bug_supervisor)
++        expected_subscribers.update(initial_subscribers)
          self.assertContentEqual(expected_subscribers, subscribers)
--    def test_setPrivateFalseAndSecurityRelatedFalse(self):
--        # When a bug is marked as private=false and security_related=false,
--        # any existing subscriptions are left alone.
++    def test_transition_to_PUBLIC_information_type(self):
++        # Subscriptions aren't altered when a bug is transitioned to the
++        # PUBLIC information type.
          (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = (
              self.createBugTasksAndSubscribers(private_security_related=True))
          initial_subscribers = set((
--            self.factory.makePerson(), bug_owner,
++            self.factory.makePerson(name='subscriber'), bug_owner,
              bugtask_a.pillar.security_contact, bugtask_a.pillar.driver))
          with person_logged_in(bug_owner):
              for subscriber in initial_subscribers:
                  bug.subscribe(subscriber, bug_owner)
--            who = self.factory.makePerson()
--            expected_direct_subscribers = set(bug.getDirectSubscribers())
++            who = self.factory.makePerson(name='who')
++            subscribers_before_public = set(bug.getDirectSubscribers())
              bug.transitionToInformationType(InformationType.PUBLIC, who)
--        subscribers = set(bug.getDirectSubscribers())
--        expected_direct_subscribers.difference_update(
--            (default_bugtask.pillar.security_contact,
--             default_bugtask.pillar.bug_supervisor,
--             bugtask_a.pillar.security_contact))
--        self.assertContentEqual(expected_direct_subscribers, subscribers)
++        subscribers_after_public = set(bug.getDirectSubscribers())
++        self.assertContentEqual(
++            subscribers_before_public,
++            subscribers_after_public)
      def test_setPillarOwnerSubscribedIfNoBugSupervisor(self):
--        # The pillar owner is subscribed if the bug supervisor is not set.
++        # The pillar owner is subscribed if the bug supervisor is not set and
++        # the bug is marked as USERDATA.
          bug_owner = self.factory.makePerson(name='bugowner')
          bug = self.factory.makeBug(owner=bug_owner)
@@ -766,18 +748,19 @@
              subscribers)
      def test_setPillarOwnerSubscribedIfNoSecurityContact(self):
--        # The pillar owner is subscribed if the security contact is not set.
++        # The pillar owner is subscribed if the security contact is not set
++        # and the bug is marked as EMBARGOEDSECURITY.
          bug_owner = self.factory.makePerson(name='bugowner')
          bug = self.factory.makeBug(owner=bug_owner)
          with person_logged_in(bug_owner):
--            who = self.factory.makePerson()
++            who = self.factory.makePerson(name='who')
              bug.transitionToInformationType(
--                InformationType.UNEMBARGOEDSECURITY, who)
++                InformationType.EMBARGOEDSECURITY, who)
              subscribers = bug.getDirectSubscribers()
          naked_bugtask = removeSecurityProxy(bug).default_bugtask
          self.assertContentEqual(
--            set((naked_bugtask.pillar.owner, bug_owner)),
++            set((naked_bugtask.pillar.owner, bug_owner, who)),
              subscribers)
      def _fetch_notifications(self, bug, reason_header):
@@ -833,32 +816,6 @@
                      actual_recipients.append(recipient.person)
          self.assertContentEqual(expected_recipients, actual_recipients)
--    def test_bugSupervisorUnsubscribedIfBugMadePublic(self):
--        # The bug supervisors are unsubscribed if a bug is made public and an
--        # email is sent telling them they have been unsubscribed.
--
--        (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = (
--            self.createBugTasksAndSubscribers(private_security_related=True))
--
--        with person_logged_in(bug_owner):
--            bug.subscribe(default_bugtask.pillar.bug_supervisor, bug_owner)
--            who = self.factory.makePerson(name="who")
--            bug.transitionToInformationType(
--                InformationType.UNEMBARGOEDSECURITY, who)
--            subscribers = bug.getDirectSubscribers()
--            self.assertNotIn(
--                default_bugtask.pillar.bug_supervisor, subscribers)
--
--            expected_recipients = [
--                default_bugtask.pillar.bug_supervisor,
--                ]
--            expected_body_text = '** This bug is no longer private'
--            expected_reason_body = ('You received this bug notification '
--                    'because you are a bug supervisor.')
--            self._check_notifications(
--                bug, expected_recipients, expected_body_text,
--                expected_reason_body, False, True, 'Bug Supervisor')
--
      def test_structural_bug_supervisor_becomes_direct_on_private(self):
          # If a bug supervisor has a structural subscription to the bug, and
          # the bug is marked as private, the supervisor should get a direct
@@ -876,31 +833,6 @@
              bug.transitionToInformationType(InformationType.USERDATA, who)
          self.assertTrue(bug_supervisor in bug.getDirectSubscribers())
--    def test_securityContactUnsubscribedIfBugNotSecurityRelated(self):
--        # The security contacts are unsubscribed if a bug has security_related
--        # set to false and an email is sent telling them they have been
--        # unsubscribed.
--
--        (bug, bug_owner, bugtask_a, bugtask_b, default_bugtask) = (
--            self.createBugTasksAndSubscribers(private_security_related=True))
--
--        with person_logged_in(bug_owner):
--            bug.subscribe(bugtask_a.pillar.security_contact, bug_owner)
--            who = self.factory.makePerson(name="who")
--            bug.transitionToInformationType(InformationType.USERDATA, who)
--            subscribers = bug.getDirectSubscribers()
--            self.assertFalse(bugtask_a.pillar.security_contact in subscribers)
--
--            expected_recipients = [
--                bugtask_a.pillar.security_contact,
--                ]
--            expected_body_text = '** This bug is no longer security related'
--            expected_reason_body = ('You received this bug notification '
--                    'because you are a security contact.')
--            self._check_notifications(
--                bug, expected_recipients, expected_body_text,
--                expected_reason_body, True, False, 'Security Contact')
--
  class TestBugPrivacy(TestCaseWithFactory):
 === modified file 'lib/lp/bugs/tests/test_bug_mirror_access_triggers.py'
 --- lib/lp/bugs/tests/test_bug_mirror_access_triggers.py	2012-04-17 17:58:37 +0000
 +++ lib/lp/bugs/tests/test_bug_mirror_access_triggers.py	2012-04-17 18:01:41 +0000
@@ -141,7 +141,9 @@
          bug.setPrivate(True, bug.owner)
          self.assertIsNot(
              None, getUtility(IAccessArtifactSource).find([bug]).one())
--        self.assertEqual((1, 1), self.assertMirrored(bug))
++        # There are two grants--one for the reporter, one for the product
++        # owner or supervisor (if set). There is only one policy, USERDATA.
++        self.assertEqual((2, 1), self.assertMirrored(bug))
      def test_security_related(self):
          # Setting the security_related flag uses EMBARGOEDSECURITY
@@ -153,7 +155,9 @@
              [InformationType.USERDATA],
              self.getPolicyTypesForArtifact(artifact))
          bug.setSecurityRelated(True, bug.owner)
--        self.assertEqual((1, 1), self.assertMirrored(bug))
++        # Both the reporter and either the product owner or the product's
++        # security contact have grants.
++        self.assertEqual((2, 1), self.assertMirrored(bug))
          self.assertContentEqual(
              [InformationType.EMBARGOEDSECURITY],
              self.getPolicyTypesForArtifact(artifact))
 === modified file 'lib/lp/bugs/tests/test_bugvisibility.py'
 --- lib/lp/bugs/tests/test_bugvisibility.py	2012-04-17 17:59:54 +0000
 +++ lib/lp/bugs/tests/test_bugvisibility.py	2012-04-17 18:01:41 +0000
@@ -88,72 +88,3 @@
      def test_publicBugAnonUser(self):
          # Since the bug is private, the anonymous user cannot see it.
          self.assertFalse(self.bug.userCanView(None))
--
--
--class TestPrivateBugVisibilityAfterTransition(TestCaseWithFactory):
--    """Test visibility for a public bug, set to private."""
--
--    layer = DatabaseFunctionalLayer
--
--    def setUp(self):
--        super(TestPrivateBugVisibilityAfterTransition, self).setUp()
--        self.product_owner = self.factory.makePerson(name="productowner")
--        self.maintainer = self.factory.makeTeam(
--            name="maintainer",
--            owner=self.product_owner,
--            subscription_policy=TeamSubscriptionPolicy.RESTRICTED)
--        self.maintainer_member = self.factory.makePerson(
--            name="maintainermember")
--        self.owner = self.factory.makePerson(name="bugowner")
--        self.product = self.factory.makeProduct(
--            name="regular-product", owner=self.maintainer)
--        self.bug = self.factory.makeBug(
--            owner=self.owner, product=self.product)
--
--        self.bug_team_member = self.factory.makePerson(name="bugteammember")
--        self.bug_team = self.factory.makeTeam(
--            name="bugteam",
--            owner=self.product_owner)
--
--        with celebrity_logged_in('admin'):
--            self.maintainer.addMember(
--                self.maintainer_member,
--                self.product_owner)
--            self.bug_team.addMember(self.bug_team_member, self.product_owner)
--
--    def _makePrivate(self):
--        with celebrity_logged_in('admin'):
--            self.bug.setPrivate(private=True, who=self.product_owner)
--
--    @contextmanager
--    def _setupSupervisor(self):
--        with celebrity_logged_in('admin'):
--            self.product.setBugSupervisor(
--                bug_supervisor=self.bug_team,
--                user=self.product_owner)
--        yield
--        with celebrity_logged_in('admin'):
--            self.product.setBugSupervisor(
--                bug_supervisor=None,
--                user=self.product_owner)
--
--    def test_bug_supervisor_can_see_bug(self):
--        with self._setupSupervisor():
--            self._makePrivate()
--            self.assertTrue(self.bug.userCanView(self.bug_team_member))
--
--    def test_reporter_can_see(self):
--        self._makePrivate()
--        self.assertTrue(self.bug.userCanView(self.owner))
--
--    def test_maintainer_can_see_without_supervisor(self):
--        # If no bug supervisor is set, the maintainer is given access.
--        self._makePrivate()
--        self.assertTrue(self.bug.userCanView(self.maintainer_member))
--
--    def test_assignee_can_see(self):
--        bug_assignee = self.factory.makePerson(name="bugassignee")
--        with celebrity_logged_in('admin'):
--            self.bug.default_bugtask.transitionToAssignee(bug_assignee)
--        self._makePrivate()
--        self.assertTrue(self.bug.userCanView(bug_assignee))