launchpad-dev team mailing list archive

[Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>]

Hi Robert, rocket scientists.

I have decided how *I* want to fix the ~locoteams problem. I think The
fix can be treated like a bug. and be fixed in a single branch. There
remains some desire/discussion about adding nobs to separate security
policy from membership policy. That talk sounds like a feature, and I do
not think it really addresses the locoteams' concerns. So I present an
open discussion about my proposed implementation:

Allow open teams to control how members join.

    Launchpad bug: https://bugs.launchpad.net/bugs/700724
    Pre-implementation: floacoste, lifeless
    Test command: ./bin/test -vv \
      -t test_person_vocabularies -t doc/vocabularies \
      -t test_team -t teammembership.txt -t team-join-views
      -t doc/archive.txt

Ubuntu loco teams where upset by the change to ensure team membership is
not compromised. Many OPEN teams are now Moderated and the work of approving
membership is disruptive. Providing the teams with an API script to
automatically approve members undermines the need manage membership of teams
that control secured assets.

The underling issue is that ~locoteams does not own any assets that need to
be secure. It is MODERATED because it needs to manage *how* users become
members. ~locoteams delegates user membership to its member teams, and it
only manages the direct members. The team *IS* open to anyone, but guards
who is a direct member using the propose-member feature of moderated teams.

There are two kinds of closed teams: RESTRICTED and MODERATED. Their first
concern is control. They limit membership because they control secured assets.

There could be two kinds of open teams: OPEN and DELEGATED. (Maybe change
OPEN to PERMISSIVE). They encourage membership to build communities. The
DELEGATED team reviews who is a direct member to manage the community
hierarchy. OPEN has no structure.

I do not believe this issue is about adding an exception for ~locoteams or
changing security to an ad hoc team declaration. We can validation the
community need by asking if other large communities need a DELEGATED policy
to organise their hierarchy.

--------------------------------------------------------------------

RULES

    This bug:
    * Add the DELEGATED TeamSubscriptionPolicy.
      This is an enum in the DB so the change will happen in staging.
    * Update the propose-member rules to be enforced for MODERATED and
      DELEGATED teams.
    * PS. line 1969 in archive.txt sets up a test that looks insecure.
    * Update code that checks for OPEN to check for both OPEN and DELEGATED.
    * Extra credit: change the comma used in the via column on +participation
      to an arrow.

    In a follow up bug:
    * Change ~locoteams to DELEGATED.
    * Restore the affected subteams (listed in the this bug) to OPEN.


QA

    * Create a DELEGATED team
    * Verify that users see the propose membership link
    * Have another user create an OPEN team and propose membership
    * Accept the membership
    * Verify the OPEN team can add members.
    * Verify the DELEGATED team is listed on the new member's +participation
      page.

Attachment: signature.asc
Description: This is a digitally signed message part