private ppa signing_key_fingerprint shows 'tag:launchpad.net:2008:redacted'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Colin Watson |
Bug Description
A ppa that I have access to install, but not access to the private team that owns the ppa, is accessible to me via the LP api. I am able to get ppa.getSigningK
For example, the ppa:canonical-
$ lp-shell
Connected to LP service "production" with API version "devel":
Note: LP can be accessed through the "lp" object.
In [1]: lp.me
Out[1]: <person at https:/
In [2]: team = lp.people(
In [3]: team
Out[3]: <team at https:/
In [4]: ppa = team.getPPAByNa
In [5]: ppa
Out[5]: <archive at https:/
In [6]: ppa.signing_
Out[6]: 'tag:launchpad.
In [7]: keydata = ppa.getSigningK
In [8]: keydata[:80]
Out[8]: '-----BEGIN PGP PUBLIC KEY BLOCK--
Related branches
- Thiago F. Pappacena (community): Approve
-
Diff: 154 lines (+88/-8)2 files modifiedlib/lp/soyuz/browser/tests/test_archive_webservice.py (+82/-1)
lib/lp/soyuz/interfaces/archive.py (+6/-7)
tags: | added: api lp-soyuz trivial |
Changed in launchpad: | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in launchpad: | |
status: | In Progress → Fix Committed |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
to clarify, the fingerprint isn't required. Would just be nice to have it, since it's available for public ppas, and i don't see any reason it should be redacted while the actual key data is available.