← Back to team overview

randrteam team mailing list archive

  1. randrteam team
  2. Mailing list archive
  3. Message #00089

~randrteam is an open and compromised team

  Thread PreviousDate PreviousThread Next 
I work on launchpad and was looking at some odd cases where open
teams were subscribed to private bugs. I see that ~randrteam is
an open team subscribed to
https://bugs.launchpad.net/orderportal/+bug/595617

I joined the team to get access to the bug! I agree it should be
private, but your team should not be open or delegated. I recommend
changing the team's subscription policy to moderated so that you
can vet any user that want to join the team.

I was even more surprised to see the team has a PPA. Only restricted
and moderated teams are permitted to own archives ensure an untrusted
user does temporarily join the team to upload a compromised package.
There was a time in the past where open teams could own PPAs, but the
rules were changed.
-- 
This message was sent from Launchpad by
Curtis Hovey (https://launchpad.net/~sinzui)
using the "Contact this team" link on the Randr Team team page
(https://launchpad.net/~randrteam).
For more information see
https://help.launchpad.net/YourAccount/ContactingPeople
  Thread PreviousDate PreviousThread Next