2007-01-30 23:04:40 |
Matthew Paul Thomas |
description |
In some circumstances, Launchpad creates accounts for people who haven't used it at all. Accounts can be merged, but it's not obvious how to do this.
Launchpad also lets anyone register a product, project, regardless of whether the person is actually involved in the software they've described. This could trick people into exposing security bugs to someone who shouldn't see them.
To fix this, the pages for people, products, projects, and distributions should have some discreet but obvious way of saying "hey! this belongs to me!". For accounts, this would go to the account merging interface; for software, it would offer a form to notify Launchpad admins of the issue. |
In some circumstances, Launchpad creates profiles for people who haven't used it at all. Profiles can be merged, but it's not obvious how to do this.
Launchpad also lets anyone register a product, project, regardless of whether the person is actually involved in the software they've described. This could trick people into exposing security bugs to someone who shouldn't see them.
To fix this, the pages for people, products, projects, and distributions should have some discreet but obvious way of saying "hey! this belongs to me!". For profiles, this would go to the account merging interface; for software, it would offer a form to notify Launchpad admins of the issue. |
|