launchpad-dev team mailing list archive

[Matthew Revell <matthew.revell@xxxxxxxxxxxxx>]

= Better Privacy checkpoint 2011-12-14 =
== Summary ==
 * Social private teams are go! Purple have made a breakthrough. This
no longer needs a separate project. * The new name for "Disclosure" is
"Sharing". * We've made progress on +manage-disclosure
(+manage-sharing soon!) despite the additional work on social private
teams.
== Harden bugs and teams ==
 * Purple have been thinking about how to modify the footgun feature
flag to preserve multi-tenancy for security bugs. * Once they have a
good solution, they'll enable the footgun feature flag to reduce the
growing number of private bugs that have bug tasks from several
projects. * Purple have also been considering how to present embargoed
issues in the UI. * William is concerned about how we handle bugs that
are flagged as both security and privacy issues. Curtis says only one
bug in LP's history has been marked both a security and private issue.
The decision is not to prevent people from marking a bug as both
security-related and private because people will naturally not want to
do that. * The privacy ribbon wording is vague, especially in light of
how we're now offering more security and privacy options. Dan will
provide new wording. === Actions ===
 * [purple] Modify the footgun feature flag to keep multi-tenancy for
security bugs. * [purple] Enable footgun feature flag to reduce
growing the number of private bugs with multiple projects * [mrevell]:
Agree on the terminology and mutual exclusivity behaviour of
security/propietary bugs. Respond to Curtis' email on the list.
== Manage disclosure ==
When a private team takes a role in a public project, such as owner or
driver, we are going to display that team's name in the usual places.
This will reveal the existence of the team and its name. Jon is adding
warnings to the pickers so that when people do this they are fully
aware of the consequences.
=== Actions ===
  * [purple] Implement tweaked +manage-disclosure clickable mock-up  *
[danhg] User-test the tweaked clickable +managing-disclosure mock-ups
* [purple] Populating and maintaining the access policy data  *
[huwshimi]: speak to sinzui about how to present embargoed security
bugs in the UI  * [danhg]: speak to sinzui to then rewrite the privacy
ribbon messages to take account of the new situations it must handle
* [EVERYONE!]: we will refer to "Sharing" rather than "Disclosure"  *
[purple]: replace references to "disclosure" with "sharing" == Social
private teams ==
The surprise of the checkpoint was that the Purple squad, following
discussions with Rob, have cracked many of the issues around social
private teams! So, rather than having to consider this as a separate
project we can now expect it to be near complete at the next
checkpoint!
=== Actions ===
 * [purple]: PPA subscribers should have access to only the archive
itself * [purple]: Subscribers to a private team's branch should be
permitted to see the branch and its merge proposals * [purple]: priv
teams can be package maintainers * [purple]: priv teams can subscribe
to blueprints * [purple]: priv teams can subscribe to bugs  *
[purple]: we will fix the situation where you can lose access to your
private team * [purple]: warn in the picker when you're about to
expose the name of a private team * [huwshimi]: speak to jcsackett
about the design of the warning * [danhg]: test the warnings *
[mrevell]: seek agreement from stakeholders on how adding a private
team to a private team should work * [danhg]: what should someone who
is not a member of a private team see when they visit that private
team's overview page? Dan to gather data. (bug 904293)
-- 
Matthew Revell
Launchpad Product Manager
Canonical

https://launchpad.net/~matthew.revell