launchpad-dev team mailing list archive

Thread
Date

Re: One Policy to Rule Them All

To: launchpad-dev@xxxxxxxxxxxxxxxxxxx
From: Aaron Bentley <aaron@xxxxxxxxxxxxx>
Date: Wed, 12 Oct 2011 10:14:34 -0400
In-reply-to: <4E94AD00.4050004@canonical.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11-10-11 04:54 PM, curtis Hovey wrote:
> We will create a single mechanism the defines visibility policies
> for projects. All projects will have a sane default set of policies
> enabled when Lp Bugs or Lp Code is enabled. Maintainers can add
> users and teams to policies. The polices control access all project
> items that they pertain too; they are not bug, branch, thing
> specific.
> 
> We must build a mechanism to support the project observer use case.
> This mechanism will be simpler to report, faster to query, and
> easier to extend then the flawed/contradictory polices embedded in
> the Lp Bugs code. Extending the proposed mechanism to Lp Bugs means
> we want to support the security policy used by many projects and
> the apport policy that Ubuntu created by taking advantage of
> defects in the existing Lp Bug policy code. This simplified policy
> mechanism will also be used for branches; the complex multi-tenancy
> rules will be replaced. Branches will gain security policies as a
> consequence.

Is this separate from visibility policies?

> We do not want to reinvent a new UI to manage the creation/deletion
> of polices.

I don't understand how we can introduce a new concept to the user
model, and not provide new UI to control it.

> Access is governed by policy, and notification is governed by
> subscription.

Nice to have that distinction, at last.

> There will be default policies for new projects: Maintainer has
> access to all security related project items. Maintainer has access
> to all privacy related project items. The default maintainer is a
> user or ~registry. We want to require teams that maintain projects
> to be restricted or moderated.

I imagine that some projects have a looser approach to privacy and
security than that.  How do you imagine this system working for them?

Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6VoMoACgkQ0F+nu1YWqI3k9wCfb58aZYKDUmr6Jc7CmV+eizmr
VqQAn0MxjF8kwaQJ44hL9yuiXoxWDMW+
=ZMbE
-----END PGP SIGNATURE-----

Follow ups

Re: One Policy to Rule Them All
From: curtis Hovey, 2011-10-12

References

One Policy to Rule Them All
From: curtis Hovey, 2011-10-11