launchpad-dev team mailing list archive

Thread
Date

Re: Managing Sharing - Mock-ups

To: Launchpad Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>
Date: Wed, 29 Feb 2012 11:44:56 -0500
In-reply-to: <4F4E4373.9030302@canonical.com>
Organization: Canonical Ltd.
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120224 Thunderbird/11.0

Jon suggests that when a user searches the sharing information, the
table expands to reveal the column that shows the team membership the
project shares with. +1. I think this saves the user from doing an
action that will always be required

How do I search for all indirect users? I think that is a filtering
operation, not a text entry operation. An auditor checking everyone the
project shares with will not search for a user...he does not know who
needs to be found. Thus the audit want to say "Show me the team members
that this project indirectly shares with".

Most projects will share with 1-20 teams and users. The information is
easy to understand. Most projects will have an Embargoed Security and an
User Data policy and there will not be much variation between them.
There is rarely a need to search or filter the table because everything
can been without scrolling. Though the case of commercial projects adds
the Proprietary kind of sharing, we also know that it is nearly a
mutually exclusive option. Proprietary projects do not use User Data or
Embargoed Security because that information can be revealed to other
projects controlled by other organisations. Thus commercial projects
will have a simpler view than open projects because they will rarely, if
ever, share Embargoed Security and an User Data.

The auditing case where you want to know the the user who the project
indirectly shares with is not a simple view. A project might share with
5 teams composed 20 people. When there is a problem, the auditor must
find the user and the team the user is in. The auditor has a choice;
unshare with the team or contact the team admins to remove the user. A
project might be indirectly shared with a user by many teams; the user
is a member of several teams that the project shares with. The auditor
has to research the problem user's membership to know what actions can
be taken.

The "Some" case where project share a few bugs or branches with a user
or team are what auditors first look at. Why are these people
exceptional? Should the project still be sharing with them?

-- 
Curtis Hovey
http://launchpad.net/~sinzui

Attachment: signature.asc
Description: OpenPGP digital signature

References

Re: Managing Sharing - Mock-ups
From: curtis Hovey, 2012-02-29