launchpad-dev team mailing list archive

Thread
Date

Launchpad Privacy (issue 2)

To: Launchpad Community Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>
Date: Fri, 17 Sep 2010 12:54:11 -0400
Organization: Canonical Ltd.
Reply-to: curtis.hovey@xxxxxxxxxxxxx

A Brief Primer on Launchpad Privacy (issue 2)
=============================================

Primary Structure and Traversal
-------------------------------

A structure is something that Launchpad uses to build URLs. A
distribution, project, and project group are structures. So too is a
team, a person, and a meeting. These six structures are special in
that they are primary structures used to create URLs. When a primary
structure is private, so are all the subordinate structures and
artefacts. An artefact is an item that belongs to a project or team,
e.g. a bug or branch.

    ------- traversal through a URL -------------->
    https://launchpad.net/project/trunk/10.10-beta1
                          ^
                          |
            access control is set on the primary context in the URL.

Like the current private teams behavior, if the user does not have
permission to access the primary context, the user sees a "404 - Not
Found" error. Users cannot see the top-level page, nor can they see any
page below the top-level. Users cannot access any item that belongs to
the primary context.

This rule is implicitly true for Launchpad API uses because the
underlying mechanism of REST uses the same traversal and permission
rules as the website.


Full and Partial Disclosure
---------------------------

Launchpad will permit users to have full or partial disclosure to a private
structure. The mechanism will be like a subscription. The owner can subscribe
users and restricted teams to their structure or its items. Access to
a structure gives the user access to all subordinate items. Subscription
is not about notification in this case, it is about disclosure.

    * Full disclosure means user can view all aspects of the project.

      * The user can see private branches of code, bug reports, and
        personal private package archives (P3A) automatically.

      * The user does not need to be subscribed to the specific item.

      * The user does not need to be a member of the bug supervisor team
        to gain access to a bug report (and will not receive unwanted email).

    * Partial Disclosure means the user may know the names of private
      structures and items, but see nothing more.

      * This use permits project owners to continue the existing
        practice of subscribing users under an NDA to private items like
        bugs and branches.

      * Users with full access to the project can subscribe other users to
        bugs, branches, and archives. The subscriber can see what he or she
        is subscribed to, and know the names of the team, project, series,
        and milestone that are in the URL or in the page.

      * The subscribed user cannot see any other information about the
        team, project, or series. If the user tries to view another
        page or item that is subordinate to the primary context, he or
        she will only see the names.

-- 
__Curtis C. Hovey_________
http://launchpad.net/

Attachment: signature.asc
Description: This is a digitally signed message part

Follow ups

Re: Launchpad Privacy (issue 2)
From: Curtis Hovey, 2010-09-17