← Back to team overview

launchpad-dev team mailing list archive

Disclosure project checkpoint meeting notes 2011-11-30


= Disclosure project - Checkpoint from 2011-11-30 =

== tl;dr ==

 * PPA, teams and branches have been harden. Need some tweaks before
   we can clamp down usage of multi-tenancy for private bugs.
 * We are going to keep supporting multi-tenancy for security issues.
 * New interactive mock-ups ready for testing.
 * Model to support the new access policy is being landed incrementally.

== Harden bugs and teams ==

  * [purple] Turn off PPA for open teams.

    * Done.

  * [purple] Make the delete bugtask UI generally available.

    * Done.

  * [purple] Announce the removal of sharing of private bugs.

    * Done.

  * [purple] Send an email to people who have shared private bugs about
  what is going to happen with those bugs.

    * Done. This prompted an impromptu conversation with Mark who
      wanted to make sure that we don't cripple the cross-
      collaboration features around
      the bug tracker. Integrated bug linking is what will preserve

    * We discovered along the way that security bugs do benefit from a
      shared conversation. Thus, we will keep supporting multi-tenancy
      for undisclosed security vulnerabilities.

  * [purple] Add and enable footgun feature flag to reduce growing the
    number of private bugs with multiple projects

    * Feature flag is in place, but require some changes to preserve
      multi-tenancy around security issues.

  * [purple] Create report around branch privacy multi-tenancy

    * Completed. Nothing to fix and nobody to notify.

== Actions for next checkpoint ==

  * [purple] Modify the footgun feature flag to keep multi-tenancy for
  security bugs.

  * [purple] Enable footgun feature flag to reduce growing the number
  of private bugs with multiple projects

== Managing disclosure ==

  * [purple] Implement clickable +managing-disclosure mock-ups

    * Ian and Jon completed it:
    * Huw was surprised by the additional elements that were not on
      his original design and the mock-up.
        * Jon and Ian were working off:
        * This sounds like a miscommunication issue. Matt and Curtis
          will investigate.
    * Diogo did a round of exploratory on the mock-ups.
        * Was it useful?
        * Mock-ups are going to be brittle, utility will limited.
        * Dan points out that exploratory testing at that stage should
          focus on the tasks that are going to be tested.

    * Following user testing, if another mock-up round isn't warranted.
      We should still make sure to record the issues brought up as
      additional acceptance criteria for the tests that will done on
      the implementation. They also should be considered by Diogo for
      the acceptance testing.

  * [danhg] User-test the dynamic +managing-disclosure mock-ups

    * Will start that tomorrow/Friday.

  * [purple] Creating the access policy mechanism

    * In progress.

== Actions for next checkpoint ==

  * [danhg] User-test the dynamic +managing-disclosure mock-ups
  * [huwshimi] Should we change the bug tags to look like these new tags?
  * [purple] Implement a draft +manage-disclosure UI
  * [purple] Populating and maintaining the access policy data

== Actions for later ==
  * [purple] Turn on +manage-disclosure and security through the
    access policy

Francis J. Lacoste

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups