= Hardened projects, teams, and bugs =

Launchpad often permits inclusive teams to interact with private or
secured data -- which means the owner of the data has no control of
who the information is disclosed to.

'''Contact:''' Curtis <<BR>>
'''On Launchpad:''' [[https://bugs.launchpad.net/launchpad-project/+bugs?field.tag=disclosure+privacy&field.tags_combinator=ALL| disclosure + privacy]]

== Rationale ==

Launchpad allows inclusive teams (Open or Delegated membership policy) to
have a relationship with private or secured artefacts. While the user who
created the relationship may have confidence in the team members, there
is no way to prevent untrustworthy users from joining the team. Anyone
who joins is also giving themselves access to private or secured data.

This issue was discovered while working on Privacy Transitions and
planning the schema changes to support Managing disclosure.


== Stakeholders ==

 * PES
   * Steve Magoun
   * Cody A.W. Somerville
 * Hardware enablement
   * Chris Van Hoof
 * Linaro
   * Kiko
 * ISD
   * Stuart Metcalfe
 * Ubuntu
   * Kate Stewart


== User stories ==

<<Anchor(story-name>)>>

=== $STORY_NAME ===

'''As a ''' project maintainer<<BR>>
'''I want ''' exclusive teams in roles need access to private data<<BR>>
'''so that ''' I know private information is only disclosed to vetted users.

'''As a ''' project driver<<BR>>
'''I want ''' only exclusive teams subscribed to private bugs<<BR>>
'''so that ''' I know every user that private data is shared with was vetted.

'''As the ''' owner of a team with a PPA<<BR>>
'''I want ''' I do not want my teams membership policy to become inclusive<<BR>>
'''so that ''' I know every user with PPA upload privileges was vetted.


== Constraints and Requirements ==

=== Must ===

 * The person picker must state that you can choose a choose a user
 or a restricted or moderated team.
 * The person picker cannot list an inclusive team where assigning to
 to a project role or private bug.
 * An error is raised over the API when an inclusive team put placed
 in a trusted relationship.
 * Do not permit inclusive teams to have PPA.
 * Do not permit exclusive teams to become open if they are in a
 trusted relationship.

 * For Managing Disclosure, data cannot be shared with inclusive teams.

=== Nice to have ===

 * The team membership policy UI explains that inclusive teams cannot
 be in trusted relationships.
 * The team page explains to inclusive team admins that they cannot
 create a PPA.

=== Must not ===

 * It must not be possible to circumvent the rules of trust in the future,
 One in a trusted relationship, the team cannot become inclusive.

== Subfeatures ==

None

== Success ==

=== How will we know when we are done? ===

 * Notify inclusive teams with PPAs that they must become exclusive
 or deactivated.
 * PPAs owed inclusive teams are deleted.
 * project owners who have inclusive teams subscribed to bugs are
 notified.
 * No inclusive teams are subscribed to private or security bugs.

 * It is not possible to place an inclusive team in a project maintainer,
 driver, or security contact role.
 * It is not possible to subscribe or assign a an inclusive team to a
 private bug.
 * Making a bug private unsubscribed inclusive teams.
 * inclusive teams cannot have PPAs.

=== How will we measure how well we have done? ===

 * There are no active PPAs owned by open teams in the database.
 * There are no open or delegated teams subscribed to private bugs in
 the database.
 * There are no open or delegated teams in the project maintainer, driver
 or security contact roles in the database

== Thoughts? ==

None