launchpad-dev team mailing list archive
-
launchpad-dev team
-
Mailing list archive
-
Message #09621
Re: InformationType 404 vs 403
On Wed, Sep 19, 2012 at 5:17 AM, Curtis Hovey
<curtis.hovey@xxxxxxxxxxxxx> wrote:
> This is a splinter discussion from project information type.
>
> We current have a rule that private data will return a 404 if it is not
> shared with you. In the past Lp returned a 403. I want to return to the
> 403 rule in some cases.
>
> The 404 rule was created before we conceived of Proprietary and
> Embargoed. Following the work of private teams, we wanted anything that
> an organisation does not want to disclose to 404. teams use
> PersonVisiblity.PRIVATE.
>
> We now know that most Private (user) and Private Security things such as
> bugs belong to Ubuntu. It will never be a proprietary-like organisation.
> Most of Ubuntu's confidential data is created by the community. They do
> know the bugs exist, but they need to teach novice users that Lp is
> lying when it says the bug cannot be founf.
>
> I want 403 to be returned for Private (user) bugs and maybe Private
> Security.
FWIW, I'm ok with this. I think it does provide a better user
experience, and where we don't claim to provide unknowability its
better not to try.
-Rob
References