launchpad-dev team mailing list archive
-
launchpad-dev team
-
Mailing list archive
-
Message #09556
Re: Private Projects LEP
On 07/30/2012 04:46 PM, Aaron Bentley wrote:
> On 12-07-30 04:22 PM, Robert Collins wrote:
>> On Tue, Jul 31, 2012 at 8:06 AM, Aaron Bentley
>> <aaron@xxxxxxxxxxxxx> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>
>>> On 12-07-30 03:10 PM, Robert Collins wrote:
>>>> error when a name is blacklisted identical to the error when
>>>> the name is already taken.
>>>
>>> We could certainly blacklist 'canonical*', etc without raising
>>> suspicion. But would we blacklist arbitrary names in order to
>>> conceal the fact that some of those names belonged to private
>>> projects?
>
>> I don't think we need to - we don't need to publish the blacklist.
>
> I guess my point is that if we use a blacklist, it needs to be
> credible. Users must think that if Launchpad denies them a name, the
> blacklist is a likely cause. Given that users will encounter this
> error for arbitrary names, the blacklist is only a credible
> explanation if it contains arbitrary names. So presumably, we'd have
> to actually blacklist some arbitrary names to maintain credibility.
>
> Now, I suppose we could do a structured blacklist like $USERNAME-*,
> and only allow the named user to create projects with that name. We
> would then need to require private projects to follow that naming
> convention.
Since the system has been in production for 2.5 years and we
registry/commercial admins have had few issues, I don't think we need to
concern our selves with this.
I have updated the name blacklist as needed. I told one group a name was
not available. I had to add some admin teams to make sure Canonical
staff can do their job.
--
Curtis Hovey
http://launchpad.net/~sinzui
Attachment:
signature.asc
Description: OpenPGP digital signature
References