2011-11-23

Curtis requested exploratory testing for 3 bug fixes:

• privacy ribbon does not appear on bazzar.lp.net (823471)

• private team junk branches must be private (881611)

• Do not permit open and delegated team to be project owners or security contacts (879103)

Notes:

• privacy ribbon has no lock icon on loggerhead (893982)

• can't register a +junk branch on private team. Vocabulary doesn't give me the option to register the new branch owned by the private team (893983)

  • the workflow makes you think you're registering a private branch, but the default options lead to a new public branch, owned by the logged in user
  • registering a private branch using bzr works fine though

• constraint not satisfied error message setting open/delegated team as the owner of a project.(893984)

  • driver can still be an open/delegated team. Is this by design?
  • you get a better message when you try to set a open/delegated team as the security contact: "You must choose a valid person or team to be the security contact for OOPS Tools."

2011-11-30

Curtis requested exploratory testing for 885692. The change fixes 603732 and 375331

• widget to choose bug supervisor allows me to choose an invalid person. (tried to add https://qastaging.launchpad.net/~diogo-matsubara+lptest-distroowner as the bug supervisor for test-project-foobar but couldn't. There's a link pointing to the wiki telling me I can only add myself or a team I own) (483521)

• as the owner of the project I have access to change status/importance of bugs. Confirmed bug 375331 is fixed.
• as the owner of the project, I can accept/reject a nomination done by the bug supervisor even if there's no bug supervisor team anymore. Confirmed bug 603732 is fixed.

2011-12-09

Curtis requested exploratory testing for the fix that includes the privacy banner when a user files a security bug.

• when you file a security bug, you get a info message about disclosing it and a link to the +secrecy page. Why not make this an ajax link like when you click the edit button next to "this report is private"?
• maybe privacy controls could be in the banner itself?

• https://bugs.launchpad.net/launchpad/+bug/901332

2011-12-15

Curtis requested exploratory testing for some bugs landed recently related to disclosure

Hardened bugs

• weird result removing an already removed bugtask (904890)

• animation of bugtask removal could be a bit smoother but it's clear that the task is removed and there's no red flash anymore. Also history doesn't show bugtask deleted jargon anymore.

• +filebug does show the banner if you select the security option and removes the banner if you unselect it. 890159 is fixed

• can't nominate for series after removing them (904902)

• no overlay if you remove a task that has a nominated series (904905)

• if you try to nominate a sourcepackage bug you don't have permission (hacking the url to go to +nominate), you get a nice error message rather than an oops. 901332 is fixed

Social private teams

• team creation page (+newteam) could mention that only restricted teams can be turned into a private team.
• deactivated owner can still add members to the team
• users who have permission to see the +archive page for a private team's ppa, get a forbidden error when they try to see overview, bugs, blueprints, answers. Perhaps they could get a message saying why the have the archive access but not the team's access.
  • the code facet works though and it seems strange that one works via +archive access
  • translations facet works with a link to import queue (that gives a forbidden error)
• I couldn't set branch ownership to a private team