© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
I do not see this as in scope for disclosure. This is not just about confidential private data, this is also about confidential personal data. 95%+ percent of the affected users cannot access a the master bug because the bug was automatiically marked private because the the attachments may contain personal information.
The root issue is not about granting users access. Launchpad has been making links that are 403 or 404 for the user. Launchpad is mean and it must be punished. I think the underlying problem here is that it was assumed that we could change from 403 to 404 because there were no bugs with the UI, which is certainly not true.
It is clear from the user comments on this bug, the dupes, and from IRC conversations that Launchpad is setting bad expectations. Fixing this bug entails explaining the situation:
a. User can access the bug, explain the bug is a duplicate and provide a link
b. The user cannot access the bug, explain the bug is a duplicate of a private bug, show the number (do not link).