← Back to team overview

launchpad-dev team mailing list archive

Re: Describing access policies in bug and branch UI


On 12/01/2011 08:39 AM, Matthew Revell wrote:
>> Right now, only people who can see the security bug can remove its
>> security status, right? What happens in a world where we have
>> disclosed (i.e. public) security bug reports? Who gets to remove the
>> security status/tag?

Right now, anyone who is subscribed to a bug can toggle the security and
privacy states. Right now, there are about 4000 public security bugs. It
is common to make security bugs public when the fix is available. Lp's
UI does not make the current practice clear.

> To clarify: I think it should still be the security team, even if the
> security bug is public.

No user has ever reported a bug suggesting a restriction of who can
change the status.

Curtis Hovey

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups