launchpad-dev team mailing list archive

[Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>]

On Mon, 2010-11-01 at 18:00 +1100, Steve McInerney wrote:
> Basically, by information gathering from publicly available sources,
> you
> can gather ALL sorts of amazing info and draw inferences from that,
> that
> will horrify those who don't want you to know those things. [1]
> Individually, the items may be "unclassified", but collectively, the
> entire database can give an incredibly accurate picture of a nation's
> war fighting capability. Which is um... Secret Squirrel - ie peoples
> lives really are on the line.
> 
> ie Sensitivity in the Confidential side of Security, via Aggregation
> of
> Information. (vs Integrity or Availability)

This is the primary concern that commercial projects have. Some projects
have reported that Launchpad leaked information and pointed to sites
that explain how the author used public information to make an
inference. Consider that Launchpad is not the only site hinting that
private information exists. Other do as well. Learning just a few pieces
of information of who, when, and where on a combination of sites is
enough for a savvy journalist to deduce that a company is enabling
software for a new chip to be released in 90 days.

We do not want to disclose that private information exists when we can.
When Launchpad has private projects, the UI will make it clear to
project owners that who has access to their projects and summarise the
information that is disclosed.

-- 
__Curtis C. Hovey_________
http://launchpad.net/

Attachment: signature.asc
Description: This is a digitally signed message part