A couple of question while drafting the impact description:
* In the bug description, the non admin user is able to remove location after the image is set to public, but can the user does that on images the user didn't upload ?
* The backward incompatible part is about user being able to previously remove the last location (or set an empty list of locations) ? Would this prevent a working workflow some user might have build around that feature ?
A couple of question while drafting the impact description:
* In the bug description, the non admin user is able to remove location after the image is set to public, but can the user does that on images the user didn't upload ?
* The backward incompatible part is about user being able to previously remove the last location (or set an empty list of locations) ? Would this prevent a working workflow some user might have build around that feature ?
Backward incompatible changes are usually not handled by an OSSA tasks but rather triage as a class B type of bug (according to VMT taxonomy: https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy ).