don't allow rules to map to have a mapping to a release with a non-matching product

Question

don't allow rules to map to have a mapping to a release with a non-matching product

Opened this issue 5 years ago · 0 comments

While thinking about bug 1309656, I realized that it's currently possible to do something very silly and point a Firefox update rule at a non-Firefox Release. Even in a multifile update world I can't see a scenario where this would be desired, and there may be some potential for privilege escalation or creating confusion (eg: create a release with product=Thunderbird, name=Firefox-$version-we're-about-to-ship) that might lead to the wrong thing being served.

This probably needs a bit more thought about whether or not its a good idea.

(Imported from https://bugzilla.mozilla.org/show_bug.cgi?id=1309877)