Launchpad itself

SourcePackageRelease security adapter is unused

Bug #315476 reported by Celso Providelo on 2009-01-09

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	High	Celso Providelo	Launchpad itself 2.2.1

Bug Description

There is a type in the code (s/userfor/usedfor) which indicates the security adapter is not being used as expected, and also that it wasn't tested at all.

Further investigation revealed that not information was leaked because SPRs are not directly exposed in the UI and the related available objects (publishing and build records) reuse the security-adapter code in place (which is correct and covered by tests).

While in this area, we can remove the SPR._cached_publishing_archives and fix up the callsites (theoretically only the SPR security-adapter) because now that security adapters results are cached at the storm cache level, this deprecated property does not represent any performance gain anymore.

Tags:

Revision history for this message

Celso Providelo (cprov) wrote on 2009-01-09:

To be done sooner than later, but doesn't represent any major problem or information leak (no CP required either).

Changed in soyuz:
assignee:	nobody → cprov
importance:	Undecided → High
milestone:	none → 2.2.1
status:	New → In Progress

Revision history for this message

Celso Providelo (cprov) wrote on 2009-01-11:

RF 7545

Changed in soyuz:
status:	In Progress → Fix Committed

Celso Providelo (cprov) on 2009-01-30

Changed in soyuz:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.