launchpad-dev team mailing list archive
-
launchpad-dev team
-
Mailing list archive
-
Message #04664
Re: Launchpad Privacy (issue 1)
On Thu, Sep 16, 2010 at 9:33 PM, Curtis Hovey
<curtis.hovey@xxxxxxxxxxxxx> wrote:
> A Brief Primer on Launchpad Privacy (issue 1)
> =============================================
>
> This document explains the goals of Launchpad Private structures and the
> user experience working with them.
>
> There is a lot to discuss, and many topics will not hold your attention.
> This discussion is broken into several emails, sent on different days. I
> hope this will help us to semi-independent discussions in a
> comprehensible format.
>
Thanks Curtis.
There's already been a *lot* of discussion about the goals of our
privacy work, summarized here:
https://dev.launchpad.net/LEP/BetterPrivacy
Could you please edit the LEP to match the structure of these emails,
or somehow track back from the emails to the LEP? Doing so will
prevent us missing already-gathered requirements.
...
> Launchpad will provide a way to state a project is private and everything
> that belongs to the project is inherently private as well. This will be
> true for any primary structure that users use to manage their work in
> Launchpad.
>
> Owners can add users and restricted teams to their private projects.
>
> Owners of a private structures, such as a project, can see a list of all
> users and teams that have full access to the project or partial access via
> an item like a bug report.
>
At the Epic, I recall Robert questioning the need for partial access
to a private project, such as, say, granting someone access to a bug
report.
His concern was that the data model required to support such a thing
would be too complex for end users to follow, and would be too slow
for us to check.
> Owners can see a summary of what an individual user can know about the
> project
>
> Pages will clearly state that the user is seeing private information.
>
This has a flip-side (mentioned in the LEP). People who work with
private data all day actually care more about it being very clear that
they are seeing *public* information. After all, a breach of secrecy
is harder to undo than a failure to disclose.
jml
Follow ups
References