Copying packages to -updates always goes through unapproved queue, even when copying user is privileged
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Colin Watson |
Bug Description
It is right and proper that attempts to copy packages to -updates pockets (or indeed anything in a stable release, but -updates is the case where this mostly comes up) should generally fall into the unapproved queue. Behaving this way was one of Ubuntu's requirements for switching to Archive.copyPackage and friends in the first place; and it is enormously useful that the ability to copy packages around isn't restricted to archive administrators.
However, there are some cases where it is less than desirable. These are the two examples I've run into:
1) Publication of verified stable updates from -proposed. This is done by copying from -proposed to -updates, either by a member of ubuntu-archive or by a less-privileged member of ubuntu-sru. If an archive admin does it, they then have to wait a minute or so for the PackageCopyJob to be processed, and then accept the copy.
2) Copying of security updates from -security. We do this so that security updates are on a widely-mirrored suite on archive.ubuntu.com as well as on the guaranteed-
Now, given that I just landed a branch that exports PackageUpload.
As a strawman proposal, how about if any copies performed by somebody who would pass a permission check on PackageUpload.
Related branches
- Benji York (community): Approve (code)
-
Diff: 379 lines (+148/-19)5 files modifiedlib/lp/soyuz/interfaces/archive.py (+18/-2)
lib/lp/soyuz/interfaces/packagecopyjob.py (+13/-2)
lib/lp/soyuz/model/archive.py (+6/-4)
lib/lp/soyuz/model/packagecopyjob.py (+26/-11)
lib/lp/soyuz/tests/test_packagecopyjob.py (+85/-0)
Changed in launchpad: | |
status: | New → Triaged |
importance: | Undecided → Low |
tags: | added: packages |
Changed in launchpad: | |
status: | Triaged → In Progress |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
Changed in launchpad: | |
status: | Fix Released → Fix Committed |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
Maybe it would be better for this to be explicit rather than implicit? i.e. I have to confirm that I want this to bypass the queue rather than it being done for me automatically.