launchpad-dev team mailing list archive

Thread
Date

Re: Private Projects LEP

To: William Grant <william.grant@xxxxxxxxxxxxx>
From: Matthew Revell <matthew.revell@xxxxxxxxxxxxx>
Date: Tue, 31 Jul 2012 11:23:36 +0100
Cc: Robert Collins <robert.collins@xxxxxxxxxxxxx>, Launchpad Community Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <50169706.2000203@canonical.com>

On 30 July 2012 15:15, William Grant <william.grant@xxxxxxxxxxxxx> wrote:

>>  * ISD want hybrid projects when the project is public but bugs and
>> branches are private by default. Curtis seems to have ruled this out.
>> Is this possible within our budget?
>
> How was that ruled out? AFAIK (and I'm implementing it this week, so it
> is hopefully the case...) public projects can opt in to default-private
> or exclusively-private bugs and branches with no problem, it's just that
> private projects will be restricted to exclusively-private.

I think I misunderstood what Curtis had written about this. To
clarify, what we're proposing is retaining public projects that can
have private bugs and/or branches.

>>  * Once a private project is made public it's not just the bugs and
>> branches that need to stay private. At the least we also need to
>> consider Answers and Blueprints. What else?
>>
>>  * How can we tell people that their bug comment, for example, is
>> private and then later allow the project maintainer to expose it to
>> the world? Isn't that rather obnoxious?
>
> Well, the project maintainer could also copy and paste the comment into
> a public bug. We can't stop them from deliberately leaking it one way or
> another, so the question is not whether we should allow it, but rather
> whether we should arbitrarily make it more awkward. I suspect we shouldn't.

I disagree. The act of copy and pasting a comment from a private bug
to a public bug requires conscious effort and gives a small chance for
the copy-paster to see something that shouldn't be made public. *That*
is deliberate.

I suspect a blanket switch from private-->public wouldn't be quite as
deliberate as you're suggesting; it'd be too easy to skip over the
warnings, to check the check-box, to sign in triplicate that you
understand the consequences. Then we'd get complaints along the lines
of, "Oh my god, we've just unveiled Benji's secret plans to colonise
Mars, why did Launchpad let us do that?"

We have to build this to minimise the chances of people accidentally
leaking information that should remain private.

>> I'd welcome your thoughts on these.
>
> After a quick glance over the LEP, I'd be extremely wary of the user
> story about daily builds of private branches. It may be desirable, but
> it's a significant chunk of work in codehosting and the build farm, when
> neither component would otherwise be touched by the Private Projects work.

That came up as a nice to have from Product Strategy. They have
something in place that works (Jenkins) and it looks like it's well
out of scope, so I'll move it out of "Nice to have".

Cheers.

-- 
Matthew Revell
Product Manager, Launchpad and MAAS
Canonical

https://launchpad.net/~matthew.revell

Follow ups

Re: Private Projects LEP
From: Curtis Hovey, 2012-07-31

References

Private Projects LEP
From: Matthew Revell, 2012-07-30
Re: Private Projects LEP
From: William Grant, 2012-07-30