launchpad-dev team mailing list archive

Thread
Date

Exclusive and inclusive teams, private data, and mailing lists

To: Launchpad Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>
Date: Mon, 14 Nov 2011 11:25:13 -0500
Organization: Canonical Ltd.
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

I proposed the use of "Exclusive" and "Inclusive" to describe team
membership policies in another thread. Exclusive teams can work with
private and security related data so membership is vetted, where as
Inclusive teams emphasise community and communication.

Maybe this clarification helps to solve the team mailing list problem.
Many teams in Lp exist solely for community and communication, and many
teams were created to manage mailing list. Open and delegated teams will
not get emails about private bugs and branches; we are not concerned
about the disclosure of private information. Do not make me subscribe to
team mailing list, just send me the emails. If I do not want to
participate in the community, I can leave the team. At the very least,
make mailing list subscriptions automatic, and permit me filter-out
non-urgent messages. The point is, membership in the team is synonymous
with the mailing list. When a member needs to contact the team members,
an email to the mailing list can be trusted to work.

In the case of a exclusive team with a mailing list, I still favour
requiring all members be subscribed, but there are privacy concerns that
need addressing. Many teams use their mailing list as a contact address,
which means that Lp will send emails with confidential information to
the mailing list. This is BAD if the list of public. Only private teams
have private mailing lists, which is a privilege of those that pay for
commercial subscriptions to Lp. Many teams have unwittingly arranged for
private information to be sent to public mailing lists by setting the
team contact address. I see a few possible solutions:

A. Do not permit exclusive teams to use the mailing list as the team
contact address.

B. Lp never sends emails about private information to an Lp hosted
mailing list. Maybe Lp can block emails to any address believed to be a
public mailing list

C. Lp sends a redacted notification just stating the bug/branch URL was
updated and privileged members can view the page to read the change.

-- 
Curtis Hovey
http://launchpad.net/~sinzui

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: Exclusive and inclusive teams, private data, and mailing lists
From: Barry Warsaw, 2011-11-14