Launchpad itself

attachment removal and public transition in same e-mail

Bug #373351 reported by Brian Murray on 2009-05-07

This bug report is a duplicate of: Bug #106162: actions performed shortly before duplicate marking are notified to subscribers of the primary bug. Edit Remove

262

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Triaged	High	Unassigned

Bug Description

In the event that an attachment is removed, for example a CoreDump.gz, and a bug is made public within a short period of time both events will show up in the e-mail to the ubuntu-bugs mailing. Since the attachment isn't removed right away its possible for someone monitoring the mailing list to still get the "deleted" attachment.

Here's an e-mail to the mailing list:

From: Brian Murray <email address hidden>
To: <email address hidden>
X-Launchpad-Bug: distribution=ubuntu; sourcepackage=compiz; component=universe;
        status=New; importance=Medium; assignee=None;
X-Launchpad-Bug-Tags: apport-crash
X-Launchpad-Bug-Private: no
X-Launchpad-Bug-Security-Vulnerability: no
X-Launchpad-Bug-Commenters: apport leif.walsh
References: <email address hidden>
Message-Id: <email address hidden>
Subject: [Bug 323858] Re: compiz.real crashed with SIGSEGV in g_slist_prepend()
X-Launchpad-Message-Rationale: Subscriber (Ubuntu) @ubuntu-bugs
Precedence: bulk
X-Generated-By: Launchpad (canonical.com); Revision="None";
        Instance="initZopeless config overlay"
X-Launchpad-Hash: d7c8186d554906b70063143bf384f0641b625a59
X-BeenThere: <email address hidden>
X-Mailman-Version: 2.1.8
Reply-To: Bug 323858 <email address hidden>
List-Id: Ubuntu bug tracker changes - HIGH VOLUME
        <ubuntu-bugs.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs>,
        <mailto:<email address hidden>?subject=unsubscribe>
List-Post: <mailto:<email address hidden>>
List-Help: <mailto:<email address hidden>?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs>,
        <mailto:<email address hidden>?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: <email address hidden>
Errors-To: <email address hidden>
Delivered-To: <email address hidden>

** Attachment removed: "CoreDump.gz"
http://launchpadlibrarian.net/21871693/CoreDump.gz

** Visibility changed to: Public

** Changed in: compiz (Ubuntu)
Importance: Undecided => Medium

--
compiz.real crashed with SIGSEGV in g_slist_prepend()
https://bugs.launchpad.net/bugs/323858
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

Tags:

Revision history for this message

Graham Binns (gmb) wrote on 2009-05-08:

A simple fix for this issue would be to not generate notifications for attachment removals on private bugs. That's not necessarily The Right Thing but it solves the problem until we can produce a better, security-aware notification system.

Changed in malone:
importance:	Undecided → High
milestone:	none → 2.2.5
status:	New → Triaged

Björn Tillenius (bjornt) on 2009-06-03

Changed in malone:
milestone:	2.2.5 → 2.2.6

Revision history for this message

Gavin Panella (allenap) wrote on 2009-06-30:

The librarian URL for the deleted attachment also appears in the
activity log, so we must ignore all attachment changes in private
bugs. Unfortunately, this also reduces the usefulness of private bugs.

Perhaps a different solution here is to make sure the librarian either
deletes or denies access for deleted files? A new "purge" mechanism
could be added to the librarian (if one doesn't already exist) for
this use case.

Björn Tillenius (bjornt) on 2009-07-02

Changed in malone:
milestone:	2.2.6 → none

Revision history for this message

Brian Murray (brian-murray) wrote on 2009-07-08:

Bug 181365 is likely a duplicate of this one or vice versa.

Revision history for this message

Martin Pitt (pitti) wrote on 2009-07-15:

I'll add an apport task to wait at least 5 minutes before making these bugs public, as a workaround.

But in general, I have the feeling that Launchpad just became waaaaaay to chatty with bug mail. Nowadays we get tons of useless mails about "attachment removed", "branch linked", "bug #234 marked as duplicate of this", "translation imported", etc., none of which is really relevant. From my POV, only state changes, new attachments, and comments are interesting; if comment mails are _augmented_ with additional data, such as "branch linked" or "attachment removed", that's fine, but having these as single mails, they are pretty much useless anyway (and in practice, the useful ones are accompanied by comments). So as a longer-term goal, I wish that we could review this.

Changed in apport (Ubuntu):
status:	New → Won't Fix
assignee:	nobody → Martin Pitt (pitti)
importance:	Undecided → High
status:	Won't Fix → Triaged

Revision history for this message

Brian Murray (brian-murray) wrote on 2009-07-15:

With regards to Launchpad being too chatty I tend to agree. However, with regards to linking branches - one is not prompted to add a comment when linking a branch so I think it is easy for people to over look adding one. Additionally, when this is combined with the inability to search for bugs with branches I think we run into a situation where it becomes quite easy to miss these low hanging fruit. So ideally one should be prompted to also add a comment when adding a branch if the notification were to be removed.

Revision history for this message

Martin Pitt (pitti) wrote on 2009-07-16: Re: [Bug 373351] Re: attachment removal and public transition in same e-mail

Hello,

Brian Murray [2009-07-15 19:10 -0000]:
> With regards to Launchpad being too chatty I tend to agree. However,
> with regards to linking branches - one is not prompted to add a comment
> when linking a branch

Right, since it doesn't even happen in the web UI. If you use --fixes
lp:xxxxx (or debcommit), then the branch is automatically linked to
the branch, without any manual activity. However, you are still urged
to set the bug to "fix committed" once the branch is actually ready,
etc.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Curtis Hovey (sinzui) on 2011-10-27

Changed in apport (Ubuntu):
status:	Triaged → Invalid

Michael Barnett (mbarnett) on 2011-10-27

no longer affects:

apport (Ubuntu)

William Grant (wgrant) on 2012-08-24

visibility:

private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #106162 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.