Hardened projects, teams, and bugs

Launchpad often permits inclusive teams to interact with private or secured data -- which means the owner of the data has no control of who the information is disclosed to.

Contact: Curtis
On Launchpad: disclosure + privacy

Rationale

Launchpad allows inclusive teams (Open or Delegated membership policy) to have a relationship with private or secured artefacts. While the user who created the relationship may have confidence in the team members, there is no way to prevent untrustworthy users from joining the team. Anyone who joins is also giving themselves access to private or secured data.

This issue was discovered while working on Privacy Transitions and planning the schema changes to support Managing disclosure.

Stakeholders

User stories

$STORY_NAME

As a project maintainer
I want exclusive teams in roles need access to private data
so that I know private information is only disclosed to vetted users.

As a project driver
I want only exclusive teams subscribed to private bugs
so that I know every user that private data is shared with was vetted.

As the owner of a team with a PPA
I want I do not want my teams membership policy to become inclusive
so that I know every user with PPA upload privileges was vetted.

Constraints and Requirements

Must

Nice to have

Must not

Subfeatures

None

Success

How will we know when we are done?

How will we measure how well we have done?

Thoughts?

None

LEP/HardenedBugsProjectsTeams (last edited 2012-04-23 17:28:34 by sinzui)