launchpad distributions should have separate acls for new, unapproved queues
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
New
|
Undecided
|
Unassigned | ||
Bug Description
I have been aware for many years that the Ubuntu Archive Team had access to manage the unapproved queue in Ubuntu, despite the fact that organizationally, responsibility for this queue lies with the Ubuntu Release Team. This was not ideal, but ultimately acceptable because ~ubuntu-archive are the more privileged group with final say over the archive contents.
What I did not ever realize until today is that the structure of ACLs for queues in Launchpad means that granting ~ubuntu-release (and ~ubuntu-sru, for stable series) management privileges on the *unapproved* queue means they *also* have privileges to manage the new queue.
This is a more concerning issue, because (setting aside significant overlap in membership) ~ubuntu-sru and ~ubuntu-release are not trained in and not responsible for the archive contents (both legal review and namespace management).
Launchpad should be extended to support separate ACLs for the unapproved queue, vs all other queues.
Ideally, we would not grant ~ubuntu-archive management privileges on the unapproved queue. And we would definitely not grant any teams other than ~ubuntu-archive privileges on the other queues (new/rejected).
