= 2011-11-23 =

Curtis requested exploratory testing for 3 bug fixes:

    * privacy ribbon does not appear on bazzar.lp.net ([[Bug:823471]])
    * private team junk branches must be private ([[Bug:881611]])
    * Do not permit open and delegated team to be project owners or security contacts ([[Bug:879103]])

Notes:

    * privacy ribbon has no lock icon on loggerhead ([[Bug:893982]])
    * can't register a +junk branch on private team. Vocabulary doesn't give me the option to register the new branch owned by the private team ([[Bug:893983]])
        * the workflow makes you think you're registering a private branch, but the default options lead to a new public branch, owned by the logged in user
        * registering a private branch using bzr works fine though
    * constraint not satisfied error message setting open/delegated team as the owner of a project.([[Bug:893984]])
        * driver can still be an open/delegated team. Is this by design?
        * you get a better message when you try to set a open/delegated team as the security contact: "You must choose a valid person or team to be the security contact for OOPS Tools."


= 2011-11-30 =

Curtis requested exploratory testing for [[Bug:885692]]. The change fixes [[Bug:603732]] and [[Bug:375331]]

   * widget to choose bug supervisor allows me to choose an invalid person. (tried to add https://qastaging.launchpad.net/~diogo-matsubara+lptest-distroowner as the bug supervisor for test-project-foobar but couldn't. There's a link pointing to the wiki telling me I can only add myself or a team I own) ([[Bug:483521]])
   * as the owner of the project I have access to change status/importance of bugs. Confirmed bug 375331 is fixed.
   * as the owner of the project, I can accept/reject a nomination done by the bug supervisor even if there's no bug supervisor team anymore. Confirmed bug 603732 is fixed.

= 2011-12-09 =

Curtis requested exploratory testing for the fix that includes the privacy banner when a user files a security bug.

   * when you file a security bug, you get a info message about disclosing it and a link to the +secrecy page. Why not make this an ajax link like when you click the edit button next to "this report is private"?
   * maybe privacy controls could be in the banner itself?
   * --(https://bugs.launchpad.net/launchpad/+bug/901332 )--

= 2011-12-15 =

Curtis requested exploratory testing for some bugs landed recently related to
disclosure

== Hardened bugs ==

    * weird result removing an already removed bugtask ([[Bug:904890]])
    * animation of bugtask removal could be a bit smoother but it's clear that the task is removed and there's no red flash anymore. Also history doesn't show bugtask deleted jargon anymore.
    * +filebug does show the banner if you select the security option and removes the banner if you unselect it. [[Bug:890159]] is fixed
    * can't nominate for series after removing them ([[Bug:904902]])
    * no overlay if you remove a task that has a nominated series ([[Bug:904905]])
    * if you try to nominate a sourcepackage bug you don't have permission (hacking the url to go to +nominate), you get a nice error message rather than an oops. [[Bug:901332]] is fixed

== Social private teams ==

    * team creation page (+newteam) could mention that only restricted teams can be turned into a private team.
    * deactivated owner can still add members to the team
    * users who have permission to see the +archive page for a private team's ppa, get a forbidden error when they try to see overview, bugs, blueprints, answers. Perhaps they could get a message saying why the have the archive access but not the team's access.
        * the code facet works though and it seems strange that one works via +archive access
        * translations facet works with a link to import queue (that gives a forbidden error)
    * I couldn't set branch ownership to a private team

= 2011-12-20 =

    * Checked [[Bug:904905]] is fixed on qastaging. Ajax overlay now appears correctly.
    * Checked [[Bug:827902]] is fixed on qastaging. Successfully added a private team as a blueprint/bug subscriber
    * Subscribers portlet in a blueprint shows person icon for teams
    * When you click the link to a private team on a blueprint you get a forbidden error, not allowed here. When you do the same in a bug report you get a slightly better error message saying the information is not shared with you. And you get the privacy banner, in blueprints you don't. 

= 2012-02-07 =

    * [[Bug:911794]] /projects page is forbidden when a private team is listed
        * page constantly timing out https://lp-oops.canonical.com/oops.py/?oopsid=OOPS-324bd85d97f8cef56642cbf07bdaa404
    * [[Bug:855670]] Show the name of the private team in the public role
       * when a user is logged out and tries to click the team name, user gets
         a 404, perhaps they should be prompted to log in?
    * oops creating new team: [[Bug:928391]]

= 2012-03-01 =


    * https://bugs.launchpad.net/launchpad/+bug/932721
        * Working fine

    * https://bugs.launchpad.net/launchpad/+bug/933159
    * https://bugs.launchpad.net/launchpad/+bug/932192
        * Perhaps we could say that once a team is made private, it can't go back to public. next to the "Private teams must have a restricted subscription policy."

    * https://bugs.launchpad.net/launchpad/+bug/922462
        * Working fine

    * https://bugs.launchpad.net/launchpad/+bug/938889
        * Already logged in page shows bread crumbs. Is this right?
        * How about the launchpad is offline page? Was that updated too?