Launchpad itself

public artifacts are permitted on confidential projects

Bug #1079785 reported by Aaron Bentley
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Aaron Bentley

Bug Description

A project may be turned from public to proprietary or embargoed, and any existing public/publicsecurity bugs will remain visible. Similarly for blueprints and branches. Instead, the user should be forbidden from changing the project to proprietary while public artifacts remain. Private and privatesecurity artifacts, while they cannot be created under the sharing policy, are still permitted to exist. However, such bugs must not be shared with other projects.

Related branches

lp:~abentley/launchpad/transitive-confidential
Abel Deuring (community): Approve (code)
Aaron Bentley: Pending requested
Diff: 394 lines (+99/-190)
6 files modified
lib/lp/registry/browser/product.py (+0/-41)
lib/lp/registry/browser/tests/test_product.py (+0/-113)
lib/lp/registry/model/product.py (+40/-13)
lib/lp/registry/tests/test_milestone.py (+0/-21)
lib/lp/registry/tests/test_product.py (+57/-0)
lib/lp/translations/doc/translationsoverview.txt (+2/-2)
Curtis Hovey (sinzui)
tags: added: private-projects
Changed in launchpad:
importance: Undecided → High
status: New → Triaged
Revision history for this message
William Grant (wgrant) wrote :

I'm not sure why Private and Private Security artifacts should be able to exist. The definition of those types includes being able to have multiple tasks, so I think it would be best to not exempt them from the everything-must-be-Proprietary check.

Revision history for this message
Aaron Bentley (abentley) wrote :

Supporting Private and Private Security artifacts on proprietary products is a stakeholder requirement, according to Curtis.

Aaron Bentley (abentley)
Changed in launchpad:
assignee: nobody → Aaron Bentley (abentley)
status: Triaged → In Progress
Revision history for this message
Curtis Hovey (sinzui) wrote :

I did not say Proprietary projects could support Private and Private security. I explained that changing a sharing policy does not change the state of the existing artefacts. The policy enforces creation and transitions. Lp watches the state the artefacts. When all the non-compliant artefacts transition to the approved infomation types, the unused grants are removed.

If a project can go from Public to Proprietary or Embargoed, there are three cases of support:

A. Do a sanity check for all the rules to ensure the entire state of the project is already sane:
   * No inclusive teams in the bug supervisor role.
   * No project package links
   * No questions or translations
   * No bugs shared with other projects
   * Since confidentiality is transitive, all the bugs, the container's type must be applied to all the subobjects
     * No bugs, branches, and blueprints can claim to be an unsupported transition type.

B. Continue from A by correcting all or some the data:
   * Update the information_type of all artefacts
   * Ask users to delete bugtasks on shared bugs
   * Ask users to delete packaging links

C. Continue from B and write new code to support deletions:
   * Delete questions
   * Delete translation messages, pofiles, pots

Revision history for this message
Aaron Bentley (abentley) wrote :

Curtis, you did say that Proprietary projects could support Private and Private security:

<deryck> sinzui, so to make it concrete -- a proprietary project could have proprietary bugs or emabargoed or private but not public.... and a public project can have any kind of bug. did I get that correct?
<sinzui> deryck, yes

Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r16306 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/16306>.

tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Aaron Bentley (abentley)
tags: added: qa-ok
removed: qa-needstesting
Richard Harding (rharding)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.