launchpad-dev team mailing list archive
-
launchpad-dev team
-
Mailing list archive
-
Message #08559
Disclosure project checkpoint meeting notes 2011-11-30
= Disclosure project - Checkpoint from 2011-11-30 =
== tl;dr ==
* PPA, teams and branches have been harden. Need some tweaks before
we can clamp down usage of multi-tenancy for private bugs.
* We are going to keep supporting multi-tenancy for security issues.
* New interactive mock-ups ready for testing.
* Model to support the new access policy is being landed incrementally.
== Harden bugs and teams ==
* [purple] Turn off PPA for open teams.
* Done.
* [purple] Make the delete bugtask UI generally available.
* Done.
* [purple] Announce the removal of sharing of private bugs.
* Done.
* [purple] Send an email to people who have shared private bugs about
what is going to happen with those bugs.
* Done. This prompted an impromptu conversation with Mark who
wanted to make sure that we don't cripple the cross-
collaboration features around
the bug tracker. Integrated bug linking is what will preserve
these.
* We discovered along the way that security bugs do benefit from a
shared conversation. Thus, we will keep supporting multi-tenancy
for undisclosed security vulnerabilities.
* [purple] Add and enable footgun feature flag to reduce growing the
number of private bugs with multiple projects
* Feature flag is in place, but require some changes to preserve
multi-tenancy around security issues.
* [purple] Create report around branch privacy multi-tenancy
* Completed. Nothing to fix and nobody to notify.
== Actions for next checkpoint ==
* [purple] Modify the footgun feature flag to keep multi-tenancy for
security bugs.
* [purple] Enable footgun feature flag to reduce growing the number
of private bugs with multiple projects
== Managing disclosure ==
* [purple] Implement clickable +managing-disclosure mock-ups
* Ian and Jon completed it:
http://people.canonical.com/~ianb/disclosure/
* Huw was surprised by the additional elements that were not on
his original design and the mock-up.
* Jon and Ian were working off:
http://people.canonical.com/~ianb/disclosure/spec.png
* This sounds like a miscommunication issue. Matt and Curtis
will investigate.
* Diogo did a round of exploratory on the mock-ups.
*
https://dev.launchpad.net/QA/ExploratoryTesting/Disclosure/ManagingDisclosure
* Was it useful?
* Mock-ups are going to be brittle, utility will limited.
* Dan points out that exploratory testing at that stage should
focus on the tasks that are going to be tested.
* Following user testing, if another mock-up round isn't warranted.
We should still make sure to record the issues brought up as
additional acceptance criteria for the tests that will done on
the implementation. They also should be considered by Diogo for
the acceptance testing.
* [danhg] User-test the dynamic +managing-disclosure mock-ups
* Will start that tomorrow/Friday.
* [purple] Creating the access policy mechanism
* In progress.
== Actions for next checkpoint ==
* [danhg] User-test the dynamic +managing-disclosure mock-ups
* [huwshimi] Should we change the bug tags to look like these new tags?
* [purple] Implement a draft +manage-disclosure UI
* [purple] Populating and maintaining the access policy data
== Actions for later ==
* [purple] Turn on +manage-disclosure and security through the
access policy
--
Francis J. Lacoste
francis.lacoste@xxxxxxxxxxxxx
Attachment:
signature.asc
Description: OpenPGP digital signature
Follow ups
