launchpad-dev team mailing list archive

[Aaron Bentley <aaron@xxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12-07-30 04:22 PM, Robert Collins wrote:
> On Tue, Jul 31, 2012 at 8:06 AM, Aaron Bentley
> <aaron@xxxxxxxxxxxxx> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 12-07-30 03:10 PM, Robert Collins wrote:
>>> error when a name is blacklisted identical to the error when
>>> the name is already taken.
>> 
>> We could certainly blacklist 'canonical*', etc without raising 
>> suspicion.  But would we blacklist arbitrary names in order to
>> conceal the fact that some of those names belonged to private
>> projects?
> 
> I don't think we need to - we don't need to publish the blacklist.

I guess my point is that if we use a blacklist, it needs to be
credible.  Users must think that if Launchpad denies them a name, the
blacklist is a likely cause.  Given that users will encounter this
error for arbitrary names, the blacklist is only a credible
explanation if it contains arbitrary names.  So presumably, we'd have
to actually blacklist some arbitrary names to maintain credibility.

Now, I suppose we could do a structured blacklist like $USERNAME-*,
and only allow the named user to create projects with that name.  We
would then need to require private projects to follow that naming
convention.

Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAW8qIACgkQ0F+nu1YWqI3C1gCeOL/1uB0J4uEA8RHYUWGFfuEf
3a0An28a/6JaM2RfMwFs5D8LVUFpurJX
=Qacr
-----END PGP SIGNATURE-----