launchpad-dev team mailing list archive

Thread
Date

Re: Who can create private bugs and branches?

From: Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>
Date: Mon, 02 Jul 2012 11:59:30 -0400
Cc: launchpad-dev@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4FEB4A5A.8000101@canonical.com>
Organization: Canonical Ltd.
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1

Hi Aaron, et al.

On 06/27/2012 02:00 PM, Aaron Bentley wrote:
> Since creating a bug/branch and then changing it to proprietary has
> the same result as creating a proprietary bug/branch, shouldn't all
> users be able to create proprietary bugs/branches?  That would also
> match the default proprietary bug rules better.

Yes. I see the contradiction. I think I am being paranoid and overly
protect of non-technical users.

My paranoia tells me not to encourage spies to create proprietary bugs
hoping to find a way to learn compromised information.

My protective instincts think we made a mistake to show all the
available information types when reporting a bug. We want to use the
proper terminology so that groups know the workflow/lifecycle of the
bug. But this terminology is daunting for non-technical users. Since
these users are not responsible parties in the bug's workflow, The might
want a checkbox to say the bug contains private information that a bug
triager can sort out.
https://bugs.launchpad.net/launchpad/+bug/1015509

>> The two proprietary sets of rules differ on creation rules.
>> Launchpad stacking rules require that you have access to the series
>> branch to have access to the feature/fix branch.
> 
> The selection of stacking branch is under user control.  They do not
> have to use our suggestion (which is always the development focus
> IIRC) if they do not want to.  We could perhaps modify the way we
> suggest branches to ensure that the suggested branch is always
> user-visible (i.e. use a different branch that is public.) We could
> also teach bzr to ignore suggestions that it can't use.

You are correct. The common cause of that contributors see 403 error on
branches is because someone bad a decision to stack a branch. This
happens today, and I expect it to happen less often in the future. We
have discussed changing bzr, the smart-server, and the branch scanner.
Most ideas are out of scope because of the suggested effort. We are
willing for a developer to work 4 days to solve this. Maybe sending an
email to the branch owner when we discover the staking is insane. If you
think we can easily prevent stacking issues with a change, please explain.

Stacking is an edge case for future Lp because sharing will grant all
the trusted users access to all the proprietary bugs and branches. The
403s might still happen when contractors are working on a few branches
-- they the project must explicitly share the base branch and all the
intermediate branches with the contractors.
-- 
Curtis Hovey
http://launchpad.net/~sinzui

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: Who can create private bugs and branches?
From: Aaron Bentley, 2012-07-03

References

Who can create private bugs and branches?
From: William Grant, 2012-06-27
Re: Who can create private bugs and branches?
From: Curtis Hovey, 2012-06-27
Re: Who can create private bugs and branches?
From: Aaron Bentley, 2012-06-27