launchpad-dev team mailing list archive

Thread
Date

InformationType 404 vs 403

To: Launchpad Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>
Date: Tue, 18 Sep 2012 13:17:20 -0400
Organization: Canonical Ltd.
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120911 Thunderbird/15.0.1

This is a splinter discussion from project information type.

We current have a rule that private data will return a 404 if it is not
shared with you. In the past Lp returned a 403. I want to return to the
403 rule in some cases.

The 404 rule was created before we conceived of Proprietary and
Embargoed. Following the work of private teams, we wanted anything that
an organisation does not want to disclose to 404. teams use
PersonVisiblity.PRIVATE.

We now know that most Private (user) and Private Security things such as
bugs belong to Ubuntu. It will never be a proprietary-like organisation.
Most of Ubuntu's confidential data is created by the community. They do
know the bugs exist, but they need to teach novice users that Lp is
lying when it says the bug cannot be founf.

I want 403 to be returned for Private (user) bugs and maybe Private
Security.

I want 404 to be returned for Proprietary and Embargoed things because
it is only these types that Lp offers (and can enforce) the
non-existence policy.

-- 
Curtis Hovey
http://launchpad.net/~sinzui

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: InformationType 404 vs 403
From: Robert Collins, 2012-09-18
Re: InformationType 404 vs 403
From: Aaron Bentley, 2012-09-18