Possible to subvert Importance permissions using retargeting
Bug #196331 reported by
Matthew Paul Thomas
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Triaged
|
Low
|
Unassigned | ||
Bug Description
1. Visit a bug report filed against a project where you do not have permission to set the Importance level.
2. Retarget the bug report to a project where you do have permission to set the Importance level.
3. Set the bug's Importance to Critical as you retarget it back to the original project.
What happens: All this is possible.
What should happen: Whenever you retarget a bug report to a project where you do not have permission to set Importance, the Importance should be set to Unknown if the project doesn't use Launchpad for bugtracking, or Undecided if it does. If (and only if) this results in the Importance changing, a note alert should explain this on the following bug page.
See also bug 63000.
| description: | updated |
Revision history for this message
| Björn Tillenius (bjornt) wrote | #1 |
| Changed in malone: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
To post a comment you must log in.
Setting this to low importance, unless you have inidications that people are actually using this to set importance when they shouldn't?