launchpad-dev team mailing list archive

Thread
Date

Re: Private Projects LEP

To: Robert Collins <robert.collins@xxxxxxxxxxxxx>
From: Benji York <benji.york@xxxxxxxxxxxxx>
Date: Mon, 30 Jul 2012 15:59:50 -0400
Cc: launchpad-dev@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAJ3HoZ2+K3suRw46GXzEL-NgxCZWVs5w7O71SSCAVVfvTSOvqg@mail.gmail.com>

On Mon, Jul 30, 2012 at 3:10 PM, Robert Collins
<robert.collins@xxxxxxxxxxxxx> wrote:
> On Tue, Jul 31, 2012 at 6:26 AM, Aaron Bentley <aaron@xxxxxxxxxxxxx> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 12-07-30 10:01 AM, Matthew Revell wrote:
>>> https://dev.launchpad.net/LEP/PrivateProjects
>>
>>> An untrusted user cannot guess the name of a private project based
>>> on the error message given when trying to register a new project
>>> with the same name.
>>
>> How do we accomplish this?
>
> One way would be to document that we blacklist names, and make the
> error when a name is blacklisted identical to the error when the name
> is already taken.

That approach would provide plausible deniability.  I wonder if that is
sufficient.  I also wonder if more is even possible.

For example, If someone tries to create a project named
"canonical-on-mars" and LP says that it is a blacklisted name and they
probe the system and find that other forms of "canonical-on-*" are
allowed, I doubt it will take them long to realize that Mars is the
first planet in our secret off-world colonization effort.
-- 
Benji York

References

Private Projects LEP
From: Matthew Revell, 2012-07-30
Re: Private Projects LEP
From: Aaron Bentley, 2012-07-30
Re: Private Projects LEP
From: Robert Collins, 2012-07-30