launchpad-dev team mailing list archive

[Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>]

On 07/31/2012 06:23 AM, Matthew Revell wrote:
>>>  * Once a private project is made public it's not just the bugs and
>>> branches that need to stay private. At the least we also need to
>>> consider Answers and Blueprints. What else?
>>>
>>>  * How can we tell people that their bug comment, for example, is
>>> private and then later allow the project maintainer to expose it to
>>> the world? Isn't that rather obnoxious?
>>
>> Well, the project maintainer could also copy and paste the comment into
>> a public bug. We can't stop them from deliberately leaking it one way or
>> another, so the question is not whether we should allow it, but rather
>> whether we should arbitrarily make it more awkward. I suspect we shouldn't.
> 
> I disagree. The act of copy and pasting a comment from a private bug
> to a public bug requires conscious effort and gives a small chance for
> the copy-paster to see something that shouldn't be made public. *That*
> is deliberate.
> 
> I suspect a blanket switch from private-->public wouldn't be quite as
> deliberate as you're suggesting; it'd be too easy to skip over the
> warnings, to check the check-box, to sign in triplicate that you
> understand the consequences. Then we'd get complaints along the lines
> of, "Oh my god, we've just unveiled Benji's secret plans to colonise
> Mars, why did Launchpad let us do that?"

We do not make automatically make private data public.
The emails we send to maintainers make it clear that information given
in confidence stays private.
Making a project public is about letting non-trusted people see the
project and its selected bugs and branches so that a community can
contribute.
This is complicated by blueprints, questions, and translations that do
not support privacy; either these artefacts will support privacy to
maintainer our promise, or we block private project from using them, or
we support deletion so that confidential information can be removed.

API scripts can be used the projects themselves to mass edit bugs and
other artefacts to make them public.
I do not think any stakeholder has asked for a feature that make all the
artefacts public when the project becomes public.



-- 
Curtis Hovey
http://launchpad.net/~sinzui

Attachment: signature.asc
Description: OpenPGP digital signature