Codeberg/Community
60
387
Fork
You've already forked Community
12

Why foreign accounts can add/remove issue dependencies and why I am not notified #1513

Closed
opened 2024年03月22日 14:04:25 +01:00 by buhtz · 1 comment

Comment

Please see this Issue as an example: buhtz/hyperorg#124

I was not notified via email about the modification of the "dependency" in this Issue. I am the owner of the repo and I am the opener of that Issue, so I am subscribed.

The person (@l-x) set this dependency don't have any permissons on my repo or my team. Why is she/he able to do something like this? Of course if my Issue is a dependency on some of his/her own repos Issues I have no problem. But this connection shouldn't be bidirectional. Persons other then repo owners should be able to modify dependencies.

No one was harmed. I just try to understand.

### Comment Please see this Issue as an example: https://codeberg.org/buhtz/hyperorg/issues/124 1. I was not notified via email about the modification of the "dependency" in this Issue. I am the owner of the repo and I am the opener of that Issue, so I am subscribed. 2. The person (@l-x) set this dependency don't have any permissons on my repo or my team. Why is she/he able to do something like this? Of course if my Issue is a dependency on some of his/her own repos Issues I have no problem. But this connection shouldn't be bidirectional. Persons other then repo owners should be able to modify dependencies. No one was harmed. I just try to understand.

I was not notified via email about the modification of the "dependency" in this Issue. I am the owner of the repo and I am the opener of that Issue, so I am subscribed.

As it's a 'minor' event, it's being treated the same as when milestone, labels or assignees are changed which don't cause notification as well.

Why is she/he able to do something like this? Of course if my Issue is a dependency on some of his/her own repos Issues I have no problem.

Because it doesn't affect the issue in anything, other than the event being added which is the same as when the issue is referenced by another issue, pull request or commit.

But this connection shouldn't be bidirectional. Persons other then repo owners should be able to modify dependencies.

Now we go a bit into a perfect world use case. For example lets say you want to use feature X, but it's not yet implemented or enabled by default in a library or software you're using and that project is hosted on the same instance. You can add a dependency to the related issue or pull request to "keep track" of that progress. Of course it also could be used accidental and causes unnecessary events to be added to the referenced issue or could be simply used to mark related issues.

There's a setting that can disable this behavior, but it's an instance-wide setting and the intended use case could be utilized quite well, even though I don't know of anyone actually using it that way.

> I was not notified via email about the modification of the "dependency" in this Issue. I am the owner of the repo and I am the opener of that Issue, so I am subscribed. As it's a 'minor' event, it's being treated the same as when milestone, labels or assignees are changed which don't cause notification as well. > Why is she/he able to do something like this? Of course if my Issue is a dependency on some of his/her own repos Issues I have no problem. Because it doesn't affect the issue in anything, other than the event being added which is the same as when the issue is referenced by another issue, pull request or commit. > But this connection shouldn't be bidirectional. Persons other then repo owners should be able to modify dependencies. Now we go a bit into a perfect world use case. For example lets say you want to use feature X, but it's not yet implemented or enabled by default in a library or software you're using and that project is hosted on the same instance. You can add a dependency to the related issue or pull request to "keep track" of that progress. Of course it also could be used accidental and causes unnecessary events to be added to the referenced issue or could be simply used to mark related issues. There's a setting that can disable this behavior, but it's an instance-wide setting and the intended use case could be utilized quite well, even though I don't know of anyone actually using it that way.
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility
Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug
Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg
This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome
Please join the discussion and consider contributing a PR!
docs
No bug, but an improvement to the docs or UI description will help
duplicate
This issue or pull request already exists
enhancement
New feature
infrastructure
Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal
An issue directly involving legal compliance
licence / ToS
involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations
Things related to Codeberg's external communication
question
More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo
Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration
Migration related issues in Forgejo
s/Pages
Issues related to the Codeberg Pages feature
s/Weblate
Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker
Woodpecker CI related issue
security
involves improvements to the sites security
service
Add a new service to the Codeberg ecosystem (instead of implementing into Forgejo)
upstream
An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Forgejo, Weblate, etc.)
wontfix
Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#1513
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?