launchpad-dev team mailing list archive

Thread
Date

Re: Next steps for Better Privacy (trusting access)

To: launchpad-dev@xxxxxxxxxxxxxxxxxxx
From: "Francis J. Lacoste" <francis.lacoste@xxxxxxxxxxxxx>
Date: Tue, 29 May 2012 14:47:45 -0400
In-reply-to: <4FC501DD.4020806@canonical.com>
Organization: Canonical
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1

On 12-05-29 01:05 PM, curtis Hovey wrote:
> POSSIBLE RESOLUTIONS
> 
> 1. Maybe there is nothing wrong with the UI for security users, the
> maintainers have shot themselves in the left foot. Send an email to
> maintainer when sharing changes to ensure they are informed. Security
> contacts do not need to be informed.
> 
> 2. Maybe Lp should not permit this? The security team in this scenario
> is working independent of maintainers and drivers? They cannot use Lp to
> coordinate activities because they are siloed. This is hard to enforce
> because team memberships change over time. For example, to get around
> the maintainer-must-be-a-bug-supervisor rule, I leave the team after I
> set it in the bug supervisor role.
> 
> 3. Maybe the users a project shares with may know each other? If I can
> see all Embargoes Security information, then I may know who else the
> project has shared the information with. When someone comments on a bug
> that is not subscribed, I have learned something that Lp is keeping
> secret. This might happen often. We do not official care about this
> case. Lp could show a list of the users and teams that are in a sharing
> policy to users who are in the same policy. If I am in the three sharing
> policies, I can see with whom the project shares All, but not Some.

Hi Curtis,

Thanks for this write-up. My personal preferences here is #1. If you
decide to delegate security to a separate team that doesn't have any
overlap with maintainers, I think it's fine to assume that you have to
ask a maintainer for reviewing who have access to the information.

I'm not sure about the email aspect here. While sending an email on any
changes to the global sharing can act as a cheap audit trail, it's also
another potential source of "spam" from Launchpad. I'd say file a bug
about this idea, but not necessarily make it in scope for the current
round. It's not complete as an audit trail either since like you mention
it's possible for team memberships to change without maintainers being
notified.

Cheers

-- 
Francis J. Lacoste
francis.lacoste@xxxxxxxxxxxxx

Attachment: signature.asc
Description: OpenPGP digital signature

References

Next steps for Better Privacy
From: William Grant, 2012-05-08
Re: Next steps for Better Privacy ()
From: curtis Hovey, 2012-05-10
Re: Next steps for Better Privacy ()
From: Robert Collins, 2012-05-11
Re: Next steps for Better Privacy ()
From: curtis Hovey, 2012-05-11
Re: Next steps for Better Privacy (trusting access)
From: curtis Hovey, 2012-05-29