launchpad-dev team mailing list archive

[Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>]

On 07/30/2012 04:46 PM, Aaron Bentley wrote:
> On 12-07-30 04:22 PM, Robert Collins wrote:
>> On Tue, Jul 31, 2012 at 8:06 AM, Aaron Bentley
>> <aaron@xxxxxxxxxxxxx> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>
>>> On 12-07-30 03:10 PM, Robert Collins wrote:
>>>> error when a name is blacklisted identical to the error when
>>>> the name is already taken.
>>>
>>> We could certainly blacklist 'canonical*', etc without raising 
>>> suspicion.  But would we blacklist arbitrary names in order to
>>> conceal the fact that some of those names belonged to private
>>> projects?
> 
>> I don't think we need to - we don't need to publish the blacklist.
> 
> I guess my point is that if we use a blacklist, it needs to be
> credible.  Users must think that if Launchpad denies them a name, the
> blacklist is a likely cause.  Given that users will encounter this
> error for arbitrary names, the blacklist is only a credible
> explanation if it contains arbitrary names.  So presumably, we'd have
> to actually blacklist some arbitrary names to maintain credibility.
> 
> Now, I suppose we could do a structured blacklist like $USERNAME-*,
> and only allow the named user to create projects with that name.  We
> would then need to require private projects to follow that naming
> convention.

Since the system has been in production for 2.5 years and we
registry/commercial admins have had few issues, I don't think we need to
concern our selves with this.

I have updated the name blacklist as needed. I told one group a name was
not available. I had to add some admin teams to make sure Canonical
staff can do their job.

-- 
Curtis Hovey
http://launchpad.net/~sinzui

Attachment: signature.asc
Description: OpenPGP digital signature