Deactivating a product doesn't hide its productseries' bugs

Bug #1321055 reported by Scott Ritchie on 2014-05-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself

Bug Description

I used to work for iSwifter, and while I was there we created a private Launchpad project to host some private PPAs for us. At the time we were also considering moving away from Jira, so I filed as a sort of placeholder bug to see if we might use Launchpad for bugs.

I no longer work there, and am no longer a member of the private team, however when I do a search of my own reported bugs I can see the above bug in the result list, including its current status and heat level. This is an information leak of some kind, as I might be able to infer things from it (in this case it's rather innocuous, but I could in principle track where and what bugs I filed people were now working on / discussing).

William Grant (wgrant) wrote :

You still have permission to see that bug, but you can't navigate to it because it's on a deactivated project. We normally exclude bugs on inactive projects from searches, but apparently we don't also apply that same check to bugs on series on inactive projects.

information type: Private Security → Public
William Grant (wgrant) wrote : exists, and it's set by bugtask_flatten, but it doesn't currently follow changes so we don't yet use it in bugtasksearch:

            Or(BugTaskFlat.product == None, == True))
            (Product, LeftJoin(Product, And(
                            BugTaskFlat.product_id ==,

We should make setting trigger an update on all affected BugTaskFlat rows, or we should just fix the bugtasksearch check to consider ProductSeries too.

summary: - Search results show bugs I reported but should no longer be able to see
- due to leaving private team
+ Deactivating a product doesn't hide its productseries' bugs
William Grant (wgrant) on 2014-05-22
Changed in launchpad:
importance: Undecided → High
status: New → Triaged
tags: added: bugs search series trivial
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers