launchpad-dev team mailing list archive

[Martin Pool <mbp@xxxxxxxxxxxxx>]

On 29 October 2010 12:10, Henning Eggers <henning.eggers@xxxxxxxxxxxxx> wrote:
> This is a request for a principal policy decision although I raise it based on
> a specific case.
>
> I just submitted a fix for bug 638920[1] which deals with the situation where
> a public project has its code in a private branch. Trying to display a link to
> that private branch will cause an "Unauthorized" exception. When deciding how
> to deal with this on the translations page for a project series I realized
> that the overview page was already dealing with it by pretending that no code
> branch has been set at all. "No revision control details recorded for ...
> series." So I felt I had to do the same on the translations page in order not
> to give away more information than was intended.
>
> Is it a conscious policy decision to treat private data like non-existent
> data? If not, what should the policy be? What do we gain by hiding the fact
> that private data exists? What risks are we taking with a statement like "The
> code for this series is held in a private branch." or "You have no access to
> the code for this series." ?

I think the general policy is indeed that if you can't see X, you
can't even see X exists.  However, there are exceptions, and perhaps
this is one.  It aligns a bit with the registry changes towards
distinguishing "we don't know where the code is", "there is code but
we don't have it", etc.

istm this should go into some kind of developer guide document.

-- 
Martin