← Back to team overview

launchpad-dev team mailing list archive

InformationType 404 vs 403


This is a splinter discussion from project information type.

We current have a rule that private data will return a 404 if it is not
shared with you. In the past Lp returned a 403. I want to return to the
403 rule in some cases.

The 404 rule was created before we conceived of Proprietary and
Embargoed. Following the work of private teams, we wanted anything that
an organisation does not want to disclose to 404. teams use

We now know that most Private (user) and Private Security things such as
bugs belong to Ubuntu. It will never be a proprietary-like organisation.
Most of Ubuntu's confidential data is created by the community. They do
know the bugs exist, but they need to teach novice users that Lp is
lying when it says the bug cannot be founf.

I want 403 to be returned for Private (user) bugs and maybe Private

I want 404 to be returned for Proprietary and Embargoed things because
it is only these types that Lp offers (and can enforce) the
non-existence policy.

Curtis Hovey

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups