launchpad-dev team mailing list archive

[Julian Edwards <julian.edwards@xxxxxxxxxxxxx>]

On Friday 29 October 2010 17:19:47 Martin Pool wrote:
> On 29 October 2010 12:10, Henning Eggers <henning.eggers@xxxxxxxxxxxxx> 
wrote:
> > This is a request for a principal policy decision although I raise it
> > based on a specific case.
> > 
> > I just submitted a fix for bug 638920[1] which deals with the situation
> > where a public project has its code in a private branch. Trying to
> > display a link to that private branch will cause an "Unauthorized"
> > exception. When deciding how to deal with this on the translations page
> > for a project series I realized that the overview page was already
> > dealing with it by pretending that no code branch has been set at all.
> > "No revision control details recorded for ... series." So I felt I had
> > to do the same on the translations page in order not to give away more
> > information than was intended.
> > 
> > Is it a conscious policy decision to treat private data like non-existent
> > data? If not, what should the policy be? What do we gain by hiding the
> > fact that private data exists? What risks are we taking with a statement
> > like "The code for this series is held in a private branch." or "You
> > have no access to the code for this series." ?
> 
> I think the general policy is indeed that if you can't see X, you
> can't even see X exists.  However, there are exceptions, and perhaps
> this is one.  It aligns a bit with the registry changes towards
> distinguishing "we don't know where the code is", "there is code but
> we don't have it", etc.
> 
> istm this should go into some kind of developer guide document.

I don't think a fixed policy is useful.  Privacy can mean either
 a) existence is hidden
 b) contents are hidden

I've seen a combination of these used in different places and it makes sense 
to decide which one you need at the time it's being implemented.