Non-admin team member can make the team a bug security contact.

Bug #133676 reported by Jonathan Knowles on 2007-08-20
6
Affects Status Importance Assigned to Milestone
Launchpad itself
Medium
Curtis Hovey

Bug Description

It is currently possible for any member of a team to make that team a bug security contact. This may cause problems if a large team is registered as the security contact for a large project with frequent security bugs.

This is similar to, but not the same as, the problem described in bug 109652.

Only team admininstrators should have the power to register (or unregister) a team as a bug security contact.

Related branches

Jonathan Knowles (jsk) on 2007-08-20
Changed in malone:
importance: Undecided → High
Christian Reis (kiko) wrote :

Hmmm. But hang on. Aren't only project owners/admins actually able to set up security contacts? If so, this bug has very limited impact.

Björn Tillenius (bjornt) wrote :

I'm lowering the priority of this bug, since as kiko points out, this bug has very limited impact.

Changed in malone:
importance: High → Medium
milestone: 1.1.11 → none
status: New → Confirmed
Curtis Hovey (sinzui) on 2010-05-21
Changed in malone:
assignee: nobody → Curtis Hovey (sinzui)
status: Triaged → In Progress
milestone: none → 10.05
Curtis Hovey (sinzui) on 2010-05-26
Changed in malone:
status: In Progress → Fix Committed
Curtis Hovey (sinzui) on 2010-05-27
tags: added: qa-ok
removed: qa-needstesting
Curtis Hovey (sinzui) on 2010-06-02
Changed in malone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers