Non-admin team member can make the team a bug security contact.
Bug #133676 reported by Jonathan Knowles
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Launchpad itself | Fix Released | Medium | Curtis Hovey | |
Bug Description
It is currently possible for any member of a team to make that team a bug security contact. This may cause problems if a large team is registered as the security contact for a large project with frequent security bugs.
This is similar to, but not the same as, the problem described in bug 109652.
Only team administrators should have the power to register (or unregister) a team as a bug security contact.
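The check the report asks for, as an added illustration that is not Launchpad's code and not taken from the linked branch. `Person`, `Team`, `Project`, `set_security_contact` and the two check functions are hypothetical names, and the rule that only the project owner may edit the role is an assumption.

```python
from dataclasses import dataclass, field

# Hypothetical model for illustration; none of these are Launchpad classes.
@dataclass(frozen=True)
class Person:
    name: str

@dataclass
class Team:
    name: str
    members: set = field(default_factory=set)  # everyone in the team
    admins: set = field(default_factory=set)   # subset allowed to act for it

@dataclass
class Project:
    name: str
    owner: Person
    security_contact: object = None  # a Person, a Team, or None

def check_before_fix(user, team):
    """Behaviour the report describes: plain membership is enough."""
    return user in team.members

def check_after_fix(user, team):
    """Behaviour the report asks for: only a team administrator qualifies."""
    return user in team.admins

def set_security_contact(user, project, contact, team_check=check_after_fix):
    """Register contact (None unregisters) as the project's security contact."""
    # Assumption: only the project owner may edit the role at all.
    if user != project.owner:
        raise PermissionError("not allowed to edit this project")
    # Registering and unregistering a team both need authority over that team.
    for party in (project.security_contact, contact):
        if isinstance(party, Team) and not team_check(user, party):
            raise PermissionError(f"{user.name} cannot act for {party.name}")
    project.security_contact = contact
    return contact

if __name__ == "__main__":
    # Constructed sample data: bob owns the project, alice administers the team.
    alice, bob = Person("alice"), Person("bob")
    team = Team("big-team", members={alice, bob}, admins={alice})
    print(set_security_contact(bob, Project("p", bob), team, check_before_fix).name)
    try:
        set_security_contact(bob, Project("p", bob), team)
    except PermissionError as exc:
        print("rejected:", exc)
```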
Related branches
lp:~sinzui/launchpad/bug-contacts-1
- Henning Eggers (community): Approve (code)
Diff: 980 lines (+510/-335), 9 files modified
lib/lp/bugs/browser/bugrole.py (+127/-0)
lib/lp/bugs/browser/bugsupervisor.py (+24/-96)
lib/lp/bugs/browser/securitycontact.py (+20/-24)
lib/lp/bugs/browser/tests/test_bugsupervisor.py (+167/-0)
lib/lp/bugs/browser/tests/test_securitycontact.py (+154/-0)
lib/lp/bugs/stories/bugs/xx-malone-security-contacts.txt (+6/-8)
lib/lp/bugs/stories/initial-bug-contacts/05-set-distribution-bugcontact.txt (+8/-71)
lib/lp/bugs/stories/initial-bug-contacts/10-set-upstream-bugcontact.txt (+0/-131)
lib/lp/bugs/stories/initial-bug-contacts/25-file-distribution-bug.txt (+4/-5)
Changed in malone:
importance: Undecided → High
Changed in malone:
assignee: nobody → Curtis Hovey (sinzui)
status: Triaged → In Progress
milestone: none → 10.05
Changed in malone:
status: In Progress → Fix Committed
tags: added: qa-ok removed: qa-needstesting
Changed in malone:
status: Fix Committed → Fix Released
Hmmm. But hang on. Aren't only project owners/admins actually able to set up security contacts? If so, this bug has very limited impact.