"Available diffs" are not accessible when publishing private packages via copyPackage()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Colin Watson |
Bug Description
I published two security updates yesterday: rhythmbox and qt4-x11.
Rhythmbox used syncSource api and seems to have worked fine (diff from 2.90.1~
https:/
http://
qt4-x11 used copyPackage api and did not (diff from 4:4.6.2-0ubuntu5.3 (in Ubuntu) to 4:4.6.2-
https:/
http://
Interestingly, this one did work (diff from 4:4.6.2-0ubuntu5 (in Ubuntu) to 4:4.6.2-
http://
Additionally, mdeslaur published puppet today using syncSource and it seems to work fine (diff from 2.6.4-2ubuntu2.9 to 2.6.4-2ubuntu2.10):
https:/
http://
Related branches
- Brad Crittenden (community): Approve (code)
-
Diff: 96 lines (+27/-6)4 files modifiedlib/lp/soyuz/doc/package-diff.txt (+1/-1)
lib/lp/soyuz/model/packagediff.py (+3/-2)
lib/lp/soyuz/tests/soyuz.py (+2/-1)
lib/lp/soyuz/tests/test_packagediff.py (+21/-2)
description: | updated |
Changed in launchpad: | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Colin Watson (cjwatson) |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
update_ files_privacy indeed doesn't touch PackageDiffs.
qt4-x11 4:4.6.2-0ubuntu5.3 was originally in the security PPA, and was copied into lucid-security. When the copy happened, a new diff was requested (thinking for some reason that the ancestry was 4:4.6.2-0ubuntu5). We would need to be a little careful here to avoid leaks: we can only make the diff public if it's against an SPR that is published in a public archive. Otherwise I guess we should simply delete it.