So, we have a problem here - making user content visible in the launchpad.net domain is a huge security hole - we can't do it at all safely - we need to either:
- set content-disposition: attachment
- serve the content from a different domain (I have a proof of concept branch working on this).
So, while this is slightly the wrong venue, we need to ensure that one of the two above things happens *before* any private bug attachments are served.
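
The two options in the comment above, sketched as an added example; this is not code from Launchpad or from the proof-of-concept branch the comment mentions. The host name `usercontent.example`, the function name and the `nosniff` header are assumptions made for illustration.

```python
from urllib.parse import quote

# Placeholder for a dedicated user-content host (assumption). It must not be
# launchpad.net or any subdomain of it, so the browser treats it as a separate
# origin and does not send the application's cookies to it.
CONTENT_DOMAIN = "usercontent.example"


def headers_for_user_file(request_host, filename, declared_type):
    """Build response headers for a user-uploaded attachment.

    Fails closed: the file may render inline only when the request arrived on
    the dedicated content domain. On every other host, including the
    application domain, the browser is told to download it.
    """
    host = request_host.split(":")[0].lower().rstrip(".")
    # Extra hardening, not named in the comment: stop content-type sniffing.
    headers = {"X-Content-Type-Options": "nosniff"}

    if host == CONTENT_DOMAIN:
        # Option 2: different domain. Script in the file runs in an origin
        # that holds no application session.
        headers["Content-Type"] = declared_type
        headers["Content-Disposition"] = "inline"
    else:
        # Option 1: same domain. Never render user content in this origin.
        # Percent-encoding the name (RFC 5987 form) also removes CR/LF, so an
        # uploaded file name cannot inject extra response headers.
        encoded = quote(filename, safe="")
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment; filename*=UTF-8''" + encoded
    return headers


if __name__ == "__main__":
    # Constructed sample requests.
    for host in ("bugs.launchpad.net", "usercontent.example"):
        print(host, headers_for_user_file(host, "report <1>.html", "text/html"))
```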