Private and/or security-related bugs don't generate emails even though I am a security contact

Bug #529951 reported by Julian Edwards
This bug affects 1 person
Affects: Launchpad itself
Status: Fix Committed
Importance: High
Assigned to: Ian Booth

Bug Description

May be related to bug 425127.

<bigjools> guys, how am I supposed to be notified of private bugs if I never get emailed?
<bigjools> someone filed a serious security problem in soyuz and I didn't know
<gmb> bigjools: That's odd. launchpad-security will have been notified and you should be an indirect member of that team.
<gmb> That said, I didn't see a notification either, so maybe my worldview is too simplistic. Let me look into it for you.
<bigjools> I've never ever had notifications from launchpad-security
<gmb> Hmm.
<gmb> bigjools: The only other thing that would work for you (I think) is to subscribe to all Soyuz's bugs.
<bigjools> I do!
<gmb> You could then filter out the ones that don't carry an X-Launchpad-Bug-Security-Vulnerability: yes header.
<gmb> Oh.
<gmb> bigjools: What bug # is this?
<bigjools> gmb: sorry was otp. bug XXX
<mup> Bug XXX [blanked from bug report but was in IRC]
<bigjools> ooo you get private bugs from mup
-*- gmb hopes that feature is restricted to this server
<bigjools> I have my own bot in our channel and it doesn't even do that
<bigjools> my own as in, I wrote it
<gmb> bigjools: Okay, so, I don't see why you (or anyone else for that matter) are not getting emailed about security bugs. The code's pretty clear, and the security team is subscribed (otherwise you wouldn't see the bug). The only thing I can think of is if the mails are disappearing or just not getting generated.
<gmb> bigjools: Please file a bug on Malone and I'll try to collar a LOSA and track it down today.
<bigjools> will do
<bigjools> gmb: is this a dupe of bug 425127 ?
<mup> Bug #425127: private bugs in packages people with access to private bugs are subscribed to don't generate emails <Launchpad Bugs:Triaged> <https://launchpad.net/bugs/425127>
<gmb> bigjools: Not exactly, though it might be same root cause. Not everyone can subscribe to security bugs, just the security contact or owner of the target and the reporter. But I'd bet folding money that the "if it's private, don't send email" code is why you didn't get a notification.
<bigjools> ok
<gmb> bigjools: So, file a bug - because this is a separate issue - but feel free to paste this chat for clarification.
<bigjools> will do

Tags: lp-bugs
Deryck Hodge (deryck) wrote :

Graham, I marked this high because you said you were working on it on IRC. If so, leave it high and add a card to the kanban board. If not, mark it low, until we work on a security or privacy related story.

Changed in malone:
importance: Undecided → High
status: New → Triaged
Graham Binns (gmb)
tags: added: story-better-bug-notification
Gary Poster (gary)
tags: removed: story-better-bug-notification
Curtis Hovey (sinzui)
Changed in launchpad:
status: Triaged → Fix Committed
assignee: nobody → Ian Booth (wallyworld)
This report contains Public information  
Everyone can see this information.
