• Immutable Page
• Info
• Attachments
• More Actions: Raw Text Print View Render as Docbook Delete Cache ------------------------ Check Spelling Like Pages Local Site Map ------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages Sync Pages ------------------------ Load Save SlideShow

2011-11-23

Curtis requested exploratory testing for 3 bug fixes:

• privacy ribbon does not appear on bazzar.lp.net (823471)

• private team junk branches must be private (881611)

• Do not permit open and delegated team to be project owners or security contacts (879103)

Notes:

• privacy ribbon has no lock icon on loggerhead (893982)

• can't register a +junk branch on private team. Vocabulary doesn't give me the option to register the new branch owned by the private team (893983)

  • the workflow makes you think you're registering a private branch, but the default options lead to a new public branch, owned by the logged in user
  • registering a private branch using bzr works fine though

• constraint not satisfied error message setting open/delegated team as the owner of a project.(893984)

  • driver can still be an open/delegated team. Is this by design?
  • you get a better message when you try to set a open/delegated team as the security contact: "You must choose a valid person or team to be the security contact for OOPS Tools."

2011-11-30

Curtis requested exploratory testing for 885692. The change fixes 603732 and 375331

• widget to choose bug supervisor allows me to choose an invalid person. (tried to add https://qastaging.launchpad.net/~diogo-matsubara+lptest-distroowner as the bug supervisor for test-project-foobar but couldn't. There's a link pointing to the wiki telling me I can only add myself or a team I own) (483521)

• as the owner of the project I have access to change status/importance of bugs. Confirmed bug 375331 is fixed.
• as the owner of the project, I can accept/reject a nomination done by the bug supervisor even if there's no bug supervisor team anymore. Confirmed bug 603732 is fixed.

2011-12-09

Curtis requested exploratory testing for the fix that includes the privacy banner when a user files a security bug.

• when you file a security bug, you get a info message about disclosing it and a link to the +secrecy page. Why not make this an ajax link like when you click the edit button next to "this report is private"?
• maybe privacy controls could be in the banner itself?

• https://bugs.launchpad.net/launchpad/+bug/901332

2011-12-15

Curtis requested exploratory testing for some bugs landed recently related to disclosure

Hardened bugs

• weird result removing an already removed bugtask (904890)

• animation of bugtask removal could be a bit smoother but it's clear that the task is removed and there's no red flash anymore. Also history doesn't show bugtask deleted jargon anymore.

• +filebug does show the banner if you select the security option and removes the banner if you unselect it. 890159 is fixed

• can't nominate for series after removing them (904902)

• no overlay if you remove a task that has a nominated series (904905)

• if you try to nominate a sourcepackage bug you don't have permission (hacking the url to go to +nominate), you get a nice error message rather than an oops. 901332 is fixed

Social private teams

• team creation page (+newteam) could mention that only restricted teams can be turned into a private team.
• deactivated owner can still add members to the team
• users who have permission to see the +archive page for a private team's ppa, get a forbidden error when they try to see overview, bugs, blueprints, answers. Perhaps they could get a message saying why the have the archive access but not the team's access.
  • the code facet works though and it seems strange that one works via +archive access
  • translations facet works with a link to import queue (that gives a forbidden error)
• I couldn't set branch ownership to a private team

2011-12-20

• Checked 904905 is fixed on qastaging. Ajax overlay now appears correctly.

• Checked 827902 is fixed on qastaging. Successfully added a private team as a blueprint/bug subscriber

• Subscribers portlet in a blueprint shows person icon for teams
• When you click the link to a private team on a blueprint you get a forbidden error, not allowed here. When you do the same in a bug report you get a slightly better error message saying the information is not shared with you. And you get the privacy banner, in blueprints you don't.

2012-02-07

• 911794 /projects page is forbidden when a private team is listed

  • page constantly timing out https://lp-oops.canonical.com/oops.py/?oopsid=OOPS-324bd85d97f8cef56642cbf07bdaa404

• 855670 Show the name of the private team in the public role

  • when a user is logged out and tries to click the team name, user gets
    • a 404, perhaps they should be prompted to log in?

• oops creating new team: 928391

2012-03-01

• https://bugs.launchpad.net/launchpad/+bug/932721

  • Working fine

• https://bugs.launchpad.net/launchpad/+bug/933159

• https://bugs.launchpad.net/launchpad/+bug/932192

  • Perhaps we could say that once a team is made private, it can't go back to public. next to the "Private teams must have a restricted subscription policy."

• https://bugs.launchpad.net/launchpad/+bug/922462

  • Working fine

• https://bugs.launchpad.net/launchpad/+bug/938889

  • Already logged in page shows bread crumbs. Is this right?
  • How about the launchpad is offline page? Was that updated too?