launchpad-dev team mailing list archive

Thread
Date

Disclosure project check point meeting notes for 2011-11-02

To: Launchpad Development List <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: "Francis J. Lacoste" <francis.lacoste@xxxxxxxxxxxxx>
Date: Wed, 02 Nov 2011 13:11:20 -0400
Organization: Canonical
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

Hi folks,

As an experiment, I'm going to send the meeting notes from the bi-weekly
checkpoint we do around feature project.

If you have comments on the notes please reply here. If you have
comments on whether this is useful or not, reply privately to me.

The notes will also be available on the wiki under
/Checkpoint-YYYY-MM-DD (and linked off the project page itself).

Cheers

= Disclosure project - Checkpoint from 2011-11-02 =

== Harden bug and teams ==

  * Private/security bugs with open teams -> in progres
    * 20% of users have complied
    * Will be cleaned up forcebly on Nov 11.
  * PPA with open teams -> email in progress
    * Grace period of 2 weeks also there.
  * Private bugs with multiple bug tasks -> in progress
    * Script to split a bug -> working
    * Will need to be run by a LOSA (plus bug #....) because of
    status change restricted to bug supervisor.
    * Currently expect project owners to review the list of affected
bugs and
    then run the split-bug script to do the split -> doesn't scale.
    * Need to be intervention less: get agreement from
    stakeholders on the script output and run it across the board.

== Managing disclosure ==
  * New schema landed.
  * Need to prepare announcement on new policy way of working, give them
  migrated policy content and ask them to review.
  * We need to let people edit the security policy.
     * Should we manage this through +manage-disclosure page.

== Other deliverables ==

  * Collateral deliverables
     * Deletion of bugtask
        * UI landed "under the cover"
        * Will add AJAXification this week.
     * A good source of "weird" private bugs is comments with private info
       * Change the policy to allow project maintainers, bug supervisors and
       users to hide their comments -> would reduce source.

== Actions for next checkpoint ==

  * [huwshimi] Produce new mockups around security/privacy policy
conundrum (options for one or two pages)
  * [danhg] User-test the mock-ups
  * [purple] Fix the bug that prevents admins from setting privileged
bug status.
  * [purple] Review the split script and get agreement from stakeholders
on its output so that
  we can run it unattended.
  * [purple] Settle what are the requirements from stakeholders before
we can turn-off
  the multi-tenancy feature for private bugs.
  * [purple] Send the PPA clean-up email
  * [purple] Change the policy around hiding own bug comment.
  * [purple] Add AJAX ui to delete bug task
  * [purple] Create report around branch privacy multi-tenancy.
  * [purple] Remove multi-tenancy around bug privacy.

-- 
Francis J. Lacoste
francis.lacoste@xxxxxxxxxxxxx

Attachment: signature.asc
Description: OpenPGP digital signature