Hardened projects, teams, and bugs
Launchpad often permits inclusive teams to interact with private or secured data -- which means the owner of the data has no control of who the information is disclosed to.
Contact: Curtis
On Launchpad: disclosure + privacy
Rationale
Launchpad allows inclusive teams (Open or Delegated membership policy) to have a relationship with private or secured artefacts. While the user who created the relationship may have confidence in the team members, there is no way to prevent untrustworthy users from joining the team. Anyone who joins is also giving themselves access to private or secured data.
This issue was discovered while working on Privacy Transitions and planning the schema changes to support Managing disclosure.
Stakeholders
- PES
- Steve Magoun
- Cody A.W. Somerville
- Hardware enablement
- Chris Van Hoof
- Linaro
- Kiko
- ISD
- Stuart Metcalfe
- Ubuntu
- Kate Stewart
User stories
$STORY_NAME
As a project maintainer
I want exclusive teams in roles need access to private data
so that I know private information is only disclosed to vetted users.
As a project driver
I want only exclusive teams subscribed to private bugs
so that I know every user that private data is shared with was vetted.
As the owner of a team with a PPA
I want I do not want my teams membership policy to become inclusive
so that I know every user with PPA upload privileges was vetted.
Constraints and Requirements
Must
- The person picker must state that you can choose a choose a user or a restricted or moderated team.
- The person picker cannot list an inclusive team where assigning to to a project role or private bug.
- An error is raised over the API when an inclusive team put placed in a trusted relationship.
- Do not permit inclusive teams to have PPA.
- Do not permit exclusive teams to become open if they are in a trusted relationship.
- For Managing Disclosure, data cannot be shared with inclusive teams.
Nice to have
- The team membership policy UI explains that inclusive teams cannot be in trusted relationships.
- The team page explains to inclusive team admins that they cannot create a PPA.
Must not
- It must not be possible to circumvent the rules of trust in the future, One in a trusted relationship, the team cannot become inclusive.
Subfeatures
None
Success
How will we know when we are done?
- Notify inclusive teams with PPAs that they must become exclusive or deactivated.
- PPAs owed inclusive teams are deleted.
- project owners who have inclusive teams subscribed to bugs are notified.
- No inclusive teams are subscribed to private or security bugs.
- It is not possible to place an inclusive team in a project maintainer, driver, or security contact role.
- It is not possible to subscribe or assign a an inclusive team to a private bug.
- Making a bug private unsubscribed inclusive teams.
- inclusive teams cannot have PPAs.
How will we measure how well we have done?
- There are no active PPAs owned by open teams in the database.
- There are no open or delegated teams subscribed to private bugs in the database.
- There are no open or delegated teams in the project maintainer, driver or security contact roles in the database
Thoughts?
None