I'm glad this is escalated, but i suspect that a full fix is out of
scope until the main disclosure work - because we need to get the root
cause - handle things like:
- asking the user if they want to grant visibility to the filer of
dupes (many may be moved at once due to the many-dupes changing case)
- or asking them if they want to close the dupes (bugstatus
duplicate, duplicate-of set to the master, but they cannot see any
info)
- etc etc etc
- we may even need bug relationships to solve this really well - have
a private bug, and a public bug with a bugrelationship of 'depends
on', and have the dupes be made against the public bug.
So I suggest we degrade the bug back to high, that the disclosure work
include this in it, and the short term fix (do not generate links) be
done trivially.
I'm glad this is escalated, but i suspect that a full fix is out of
scope until the main disclosure work - because we need to get the root
cause - handle things like:
- asking the user if they want to grant visibility to the filer of
dupes (many may be moved at once due to the many-dupes changing case)
- or asking them if they want to close the dupes (bugstatus
duplicate, duplicate-of set to the master, but they cannot see any
info)
- etc etc etc
- we may even need bug relationships to solve this really well - have
a private bug, and a public bug with a bugrelationship of 'depends
on', and have the dupes be made against the public bug.
So I suggest we degrade the bug back to high, that the disclosure work
include this in it, and the short term fix (do not generate links) be
done trivially.