Code review comment for lp:~adeuring/launchpad/bug-39674-update-retricted-flag-of-private-bugattachments

Abel Deuring (adeuring) wrote :

> So, we have a problem here - making user content visible in the launchpad.net
> domain is a huge security hole - we can't do it at all safely - we need to
> either:
> - set content-disposition: attachment
> - serve the content from a different domain (I have a proof of concept branch
> working on this).
>
> So, while this is slightly the wrong venue, we need to ensure that one of the
> two above things happens *before* any private bug attachments are served.

This is fixed in a different branch: lp:~adeuring/launchpad/bug-612779
