bzr branches should be private by default if linked to a private bug

Bug #589878 reported by Mathias Gug
This bug affects 1 person
Affects           Status      Importance  Assigned to  Milestone
Bazaar            Confirmed   Wishlist    Unassigned
Breezy            Triaged     Wishlist    Unassigned
Launchpad itself  Won't Fix   High        Unassigned

Bug Description

While pushing a bzr branch for an Ubuntu package scheduled to be uploaded as a Stable Release Update (https://code.launchpad.net/~ccheney/ubuntu/lucid/eucalyptus/lucid-sru), it turned out that the branch included a fix for a private bug (bug 579942). It would be useful to have the bzr branch marked as private by default if linked to at least one private bug in order to avoid leaking security fixes.

Mathias Gug (mathiaz)
description: updated
Tim Penhey (thumper)
tags: added: privacy
Changed in launchpad-code:
status: New → Triaged
importance: Undecided → Medium
Curtis Hovey (sinzui)
tags: added: disclosure
Curtis Hovey (sinzui)
Changed in launchpad:
importance: Medium → High
Robert Collins (lifeless) wrote :

This is actually a very complex thing:
 - we don't know if a branch is linked to a bug in a revision until we scan the branch
 - branches are (currently) made public|private by a policy on creation
 - so there is a huge race condition :) the branch could be public for 5-10 minutes before a revision is found that links it to a private bug

Secondly, the obvious route to implementation will let any branch be made private at any point in time, with no way for this to be undone (outside of projects that have a commercial subscription for private branches).

I think this probably needs a LEP all of its own, to cover off the corner cases and UI complications.

Martin Pool (mbp) wrote : Re: [Bug 589878] Re: bzr branches should be private by default if linked to a private bug

I believe there is a separate bug about letting the bzr client set the
policy when it first creates the branch. (There may already be an API
and all that's needed is a client ui.)

Possibly fixing that would satisfy the underlying case.

If we do want to do the bug/branch check then we could do it on the
bzr client, though that might have a performance cost to check all
related bugs.

Martin

Curtis Hovey (sinzui)
tags: removed: disclosure
Robert Collins (lifeless) wrote :

So, I'm going to wontfix this in LP, all things considered: let bzr make branches private on push and I think users will be happy; bzr could even enforce this particular request itself. I'll add a bzr task for that.

Changed in bzr:
status: New → Confirmed
importance: Undecided → Wishlist
Changed in launchpad:
status: Triaged → Won't Fix
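The check the thread converges on (scan the branch's revisions for bug links, then keep the branch private if any linked bug is private) can be modelled in a few lines. The following is an added example, not Bazaar, Breezy or Launchpad code. It models bzr's `bugs` revision property (one `<bug-url> <status>` entry per line) with plain dicts instead of importing bzrlib, and it takes the set of private bug numbers as an input, because the real "is this bug private?" answer comes from a Launchpad API call that is outside this snippet. Running the decision on the client before the push, as the last comment suggests, is what avoids the server-side race described earlier (the branch being public until the scanner finds the link).

```python
"""Model of the 'private by default if linked to a private bug' check.

Added example, not project code. Revision properties and the private-bug set
are constructed inputs; in a real client the history comes from the branch
being pushed and the private set from the bug tracker.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Launchpad bug URLs as bzr writes them into the ``bugs`` revision property.
LP_BUG_URL = re.compile(r"^https://(?:bugs\.)?launchpad\.net/bugs/(\d+)$")


@dataclass
class Revision:
    """Minimal stand-in for a bzr revision: an id plus its properties dict."""
    revision_id: str
    properties: dict[str, str] = field(default_factory=dict)


def parse_bug_links(bugs_property: str) -> list[tuple[str, str]]:
    """Parse the ``bugs`` property into (url, status) pairs.

    Each line is ``<url> <status>``. Malformed lines (missing status, extra
    fields) are skipped rather than guessed at, so a garbled entry can never
    silently turn into a 'no private bug here' result.
    """
    links: list[tuple[str, str]] = []
    for line in bugs_property.splitlines():
        parts = line.strip().split()
        if len(parts) != 2:
            continue
        links.append((parts[0], parts[1]))
    return links


def linked_bug_ids(revisions: list[Revision]) -> set[int]:
    """Collect every Launchpad bug number referenced anywhere in the history."""
    ids: set[int] = set()
    for rev in revisions:
        for url, _status in parse_bug_links(rev.properties.get("bugs", "")):
            match = LP_BUG_URL.match(url)
            if match:
                ids.add(int(match.group(1)))
    return ids


def private_bugs_in(revisions: list[Revision], private_bug_ids: set[int]) -> set[int]:
    """Which linked bugs are private. Non-empty means the branch would leak."""
    return linked_bug_ids(revisions) & set(private_bug_ids)


def decide_visibility(revisions: list[Revision], private_bug_ids: set[int],
                      requested: str = "public") -> str:
    """Apply the rule from the report: any private bug link forces 'private'.

    A branch the pusher already asked to be private is never downgraded; the
    check only ever tightens visibility.
    """
    if private_bugs_in(revisions, private_bug_ids):
        return "private"
    return requested


# Constructed sample history. Bug 579942 is the private bug number quoted in
# this report; the other numbers are made up for the example.
SAMPLE_HISTORY = [
    Revision("rev-1", {}),
    Revision("rev-2", {"bugs": "https://launchpad.net/bugs/123456 fixed"}),
    Revision("rev-3", {"bugs": "https://launchpad.net/bugs/579942 fixed\n"
                               "https://launchpad.net/bugs/123457 fixed"}),
]
SAMPLE_PRIVATE = {579942}

if __name__ == "__main__":
    print("linked bugs:", sorted(linked_bug_ids(SAMPLE_HISTORY)))
    print("private bugs:", sorted(private_bugs_in(SAMPLE_HISTORY, SAMPLE_PRIVATE)))
    print("visibility:", decide_visibility(SAMPLE_HISTORY, SAMPLE_PRIVATE))
```

The performance cost Martin raises is visible in `linked_bug_ids`: it walks every revision, and each distinct bug number would then need a tracker lookup. A client could cache the private set per push, or only scan revisions not already on the target branch, without changing the decision rule.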
Jelmer Vernooij (jelmer)
tags: added: check-for-breezy
Jelmer Vernooij (jelmer)
tags: removed: check-for-breezy
Changed in brz:
importance: Undecided → Wishlist
tags: added: launchpad
Jelmer Vernooij (jelmer)
Changed in brz:
status: New → Triaged
This report contains Public information. Everyone can see this information.