A Brief Primer on Launchpad Privacy (issue 5) =============================================
Artefacts and Primary Context ----------------------------- Subscribing a user to a private artefact grants the user partial access to a structure. The user may know the names of the private items that relate to the private artefact. Since privacy is determined by the primary context, admins do not need to enable private bugs, private branches, or private archive. All the project or distro's items are private, they cannot be public. Retargeting Private Project or Distro Artefacts ............................................... Private artefacts can never be retargeted to other projects and distros because the comments and history may contain private information. Users who reply via email under the assumption that their message is private would in fact be leaking information. This means that bugs, questions, and blueprints will always remain with the project or distro they were created in. Public bug, questions, and blueprints cannot be targeted to private projects and distros because the artefacts subscribers and the former and current context subscribers are all notified of the change. This act will reveal the existence of the private project or distro, and possibly leak information about who is involved in it. Bug Reports and Bug Links ......................... Bug reports do not belong to projects or people, there are currently no controls about who can subscribe whom, or who can reveal a bug by adding a project or distro that it affects. This rule will change when a private project or distribution is involved. Users can still make bug reports for public projects and distros private to protect users and security vulnerabilities. Bugs affecting private projects or distributions can only affect one primary context. A private bug affects only one structure; the bug cannot have multiple bug tasks showing the status in many places. Any user with permission to access the project or distro can see the bug. Only the project owner can subscribe users or restricted teams to the bug. Maybe this privilege should be extended to project drivers too. Bug links will be introduced for all bugs, allowing users to say "this bug is related to that bug". Users can see the links when he or she can see both bugs. Thus a user in a team that owns several private projects can see the linked bugs and know what project or distro that link is to, but the user under an NDA that is subscribed to the private bug cannot see the other bugs. Bug links will behave like local bug watches. Users who can see both the links will know the status and location of the other bug. Bug links could have a relationship type like dependency, or similar, but this has not been discussed. The affect project/distribution link on the bug page will start a process to clone the bug's information to create a separate bug for the other context. The user can edit the bug information to redact information that cannot be revealed. Bug comments will not be copied. The two bugs are automatically linked so that the user can see. The clone bug process might be valuable for public projects, such as splitting a bug report into separate issues. Code Branches ............. Branches for private projects and distros (source packages) are private, they cannot be public. Any user with access to the private project or distro can access the branch. The project primary context owner can subscribe a user or restricted team to the branch. Public projects can still have private branches to solve security vulnerabilities or for commercial development. Package Archives ................ Private teams will have private archives. Team owners and admin can subscribe users to the archives so that users can download from the archive. The subscribers can see the archive page and its publishing history, but not see other team pages. The subscriber will know the team's name (this is the rule of partial disclosure). Public projects may have private archives if a commercial admin enables them for commercial distribution. -- __Curtis C. Hovey_________ http://launchpad.net/
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
