launchpad-dev team mailing list archive
-
launchpad-dev team
-
Mailing list archive
-
Message #09616
InformationType 404 vs 403
This is a splinter discussion from project information type.
We current have a rule that private data will return a 404 if it is not
shared with you. In the past Lp returned a 403. I want to return to the
403 rule in some cases.
The 404 rule was created before we conceived of Proprietary and
Embargoed. Following the work of private teams, we wanted anything that
an organisation does not want to disclose to 404. teams use
PersonVisiblity.PRIVATE.
We now know that most Private (user) and Private Security things such as
bugs belong to Ubuntu. It will never be a proprietary-like organisation.
Most of Ubuntu's confidential data is created by the community. They do
know the bugs exist, but they need to teach novice users that Lp is
lying when it says the bug cannot be founf.
I want 403 to be returned for Private (user) bugs and maybe Private
Security.
I want 404 to be returned for Proprietary and Embargoed things because
it is only these types that Lp offers (and can enforce) the
non-existence policy.
--
Curtis Hovey
http://launchpad.net/~sinzui
Attachment:
signature.asc
Description: OpenPGP digital signature
Follow ups