• Immutable Page
• Info
• Attachments
• More Actions: Raw Text Print View Render as Docbook Delete Cache ------------------------ Check Spelling Like Pages Local Site Map ------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages Sync Pages ------------------------ Load Save SlideShow

Disclosure project - Checkpoint from 2011-11-30

tl;dr

• PPA, teams and branches have been harden. Need some tweaks before we can clamp down usage of multi-tenancy for private bugs.
• We are going to keep supporting multi-tenancy for security issues.
• New interactive mock-ups ready for testing.
• Model to support the new access policy is being landed incrementally.

Harden bugs and teams

• [purple] Turn off PPA for open teams.
  • Done.
• [purple] Make the delete bugtask UI generally available.
  • Done.
• [purple] Announce the removal of sharing of private bugs.
  • Done.
• [purple] Send an email to people who have shared private bugs about what is going to happen with those bugs.
  • Done. This prompted an impromptu conversation with Mark who wanted to make sure that we don't cripple the cross-collaboration features around the bug tracker. Integrated bug linking is what will preserve these.
  • We discovered along the way that security bugs do benefit from a shared conversation. Thus, we will keep supporting multi-tenancy for undisclosed security vulnerabilities.
• [purple] Add and enable footgun feature flag to reduce growing the number of private bugs with multiple projects
  • Feature flag is in place, but require some changes to preserve multi-tenancy around security issues.
• [purple] Create report around branch privacy multi-tenancy
  • Completed. Nothing to fix and nobody to notify.

Actions for next checkpoint

• [purple] Modify the footgun feature flag to keep multi-tenancy for security bugs.
• [purple] Enable footgun feature flag to reduce growing the number of private bugs with multiple projects

Managing disclosure

• [purple] Implement clickable +managing-disclosure mock-ups

  • Ian and Jon completed it: http://people.canonical.com/~ianb/disclosure/

  • Huw was surprised by the additional elements that were not on his original design and the mock-up.

    • Jon and Ian were working off: http://people.canonical.com/~ianb/disclosure/spec.png

    • This sounds like a miscommunication issue. Matt and Curtis will investigate.
  • Diogo did a round of exploratory on the mock-ups.

    • https://dev.launchpad.net/QA/ExploratoryTesting/Disclosure/ManagingDisclosure

    • Was it useful?
    • Mock-ups are going to be brittle, utility will limited.
    • Dan points out that exploratory testing at that stage should focus on the tasks that are going to be tested.
  • Following user testing, if another mock-up round isn't warranted. We should still make sure to record the issues brought up as additional acceptance criteria for the tests that will done on the implementation. They also should be considered by Diogo for the acceptance testing.
• [danhg] User-test the dynamic +managing-disclosure mock-ups
  • Will start that tomorrow/Friday.
• [purple] Creating the access policy mechanism
  • In progress.

Actions for next checkpoint

• [danhg] User-test the dynamic +managing-disclosure mock-ups
• [huwshimi] Should we change the bug tags to look like these new tags?
• [purple] Implement a draft +manage-disclosure UI
• [purple] Populating and maintaining the access policy data

Actions for later

• [purple] Turn on +manage-disclosure and security through the access policy