New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SECURITY ISSUE] Why can other people push my packages? #282
Comments
I confirm: I can push and revoke updates without having the right permissions, see https://lists.fedoraproject.org/pipermail/devel/2015-August/213639.html |
Fixed in production. Please re-open if you still experience this issue. |
There are still "Push to stable" buttons on updates where I should not have the permission to push anything, is this fixed on https://bodhi.fedoraproject.org/ ? |
I get permission denied if I try to use them on other users packages now. |
OK, same for me, I get permission denied. I just expected the button to be shown only if I have permissions to do the action. |
The permissions seem buggered on the new bodhi
https://bodhi.fedoraproject.org/updates/tint2-0.12.2-1.fc22
thofmann pushed tint2 to testing (he has no perms for this action)
https://bodhi.fedoraproject.org/updates/tint2-0.12.2-1.fc22#comment-313306
In return I unpushed (I have no right or perms to do so).
https://bodhi.fedoraproject.org/updates/parcimonie.sh-0-0.4.20150804gitc009937.el7
The text was updated successfully, but these errors were encountered: