Launchpad itself

Shouldn't need access to private bug report to reverse a public duplicate marking

Bug #157899 reported by Stéphane Loeuillet on 2007-10-27

28

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Won't Fix	Low	Unassigned

Bug Description

If a public bug report is marked as a duplicate of a private one, and there's no reason for the public report to be private, then the duplicate marking should be reversed: the public report should become the canonical version, so that more people can see (and have the opportunity to fix) the problem.

However, changing the duplicate marking in this way requires access to the private bug report.

For example, public bug 124233 was marked as a duplicate of private bug 126801, which was private only because it contained someone's private data. So the duplicate marking should have been reversed, but only people with access to bug 126801 could do this.

Fixing this might involve special-casing private bug report pages so that they provide access to the mark-as-duplicate form and nothing else; and/or providing the ability to reverse a duplicate marking from a duplicate bug report.

Fixing bug 396406 would make it unnecessary to fix this bug.

See original description

Tags:

Revision history for this message

Christian Reis (kiko) wrote on 2007-10-28:

#1

I'm not entirely sure. First question: how do you know that bug 126801 is the same issue as bug 122971, given it's private?

Revision history for this message

Stéphane Loeuillet (leroutier) wrote on 2007-10-28:

#2

Well, I know that 122971 is a dupe of 124233. It is a sure thing.

But as 126801 is private, I have to trust the one that declared 124233 a dupe of 126801.

In the end, it shouldn't be possible to mark a bug as a duplicate of a private bug because we can't verify anything.

Revision history for this message

Christian Reis (kiko) wrote on 2007-10-28:

#3

Hmmm. That bug is only private because it contains a private dump of data.

Revision history for this message

Stéphane Loeuillet (leroutier) wrote on 2007-10-28:

#4

A quick solution is that as you have access to this bug, make 122971 a dupe of 126801.
In case I encounter such a problem later, I'll poke someone with higher privileges

Revision history for this message

Matthew Paul Thomas (mpt) wrote on 2007-11-13:

#5

If the only reason for bug 126801 being private is that it contains private data, and there is no reason for the other reports being private, one of the public reports should become the canonical version, because that results in more people who can learn about (and therefore fix) the bug. So someone with access should mark bug 126801 as a duplicate of either bug 122971 or bug 124233, whichever is most useful.

So I guess the only bug in Launchpad here is that you should be able to reverse "public X is duplicate of private Y" to "private Y is duplicate of public X" without having special access to Y. Stéphane, does that sound reasonable? If so I'll update this report to reflect that request.

Changed in launchpad:
importance:	Undecided → Medium
status:	New → Incomplete

Revision history for this message

Stéphane Loeuillet (leroutier) wrote on 2007-11-13:

#6

This solution sounds ok for me.
Thanks

Matthew Paul Thomas (mpt) on 2007-11-15

description:	updated
description:	updated
Changed in malone:
importance:	Medium → Low
status:	Incomplete → Confirmed

Revision history for this message

Matthew Revell (matthew.revell) wrote on 2008-10-24:

#7

Is there any value in being able to link bug reports to related bug reports, in the way that we can presently link bugs<-->questions?

Revision history for this message

Scott Kitterman (kitterman) wrote on 2008-10-24: Re: [Bug 157899] Re: Shouldn't need access to private bug report to reverse a public duplicate marking

#8

Isn't that relatively orthogonal to the question of being able to un-dupe a
bug?

Matthew Paul Thomas (mpt) on 2009-07-15

description:

updated

Revision history for this message

Robert Collins (lifeless) wrote on 2011-03-23:

#9

So, unless you can see the private bug, you cannot actually judge whether:
- it really is a duplicate
- the privacy was due to a need for private *discussion* or because sensitive *data* was visible or it was *security* related.

Its possible that the public duplicate actually should be privatised, for instance.

Anyhow - I don't see letting folk without access to the private bug control that bug being sensible; it seems far to likely to have significant negative impact, so I'm going to close this wontfix.

However - we have some work coming up on disclosure and visibility and hopefully we'll improve the interactions around duplicating bugs and bug privacy as part of that work.

Changed in launchpad:
status:	Triaged → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related questions

Launchpad itself: Not allowed to view bug report

Remote bug watches

Bug watches keep track of this bug in other bug trackers.