Sharing policies unconfigure existing projects
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Ian Booth |
Bug Description
Projects have set teams in the maintainer security contact, and bug supervisor roles to get access to private bugs, but the project is not sharing with these teams.
We probably want a script to migrate the current configurations to sharing. Ubuntu is exempt because it s rules contradict Lp's documented behaviour. We do not want to run the script until bug 1008521, bug 1008526, and bug 1008538 are fixed.
Should a migration script also reconcile artefact grants with project grants? The goal of sharing is to make the disclosure or private information easy to understand an manage. The current view of /launchpad/+sharing is not easy to understand. Existing projects are in a mixed state that requires a lot of time (days or weeks) to reconcile by hand. Stakeholders will not likely accept a feature that requires them to do more work. I think a migration script should remove artefact subscriptions for users that are in projects that are shared with. Stakeholders (and the launchpad team) will see a listing of the teams they trust, and the exceptions that they need to investigate.
As a first step, I have created some SQL which will grant all project maintainers access policy grants for embargoed security and user data artifacts. This will at least allow maintainers to see the private information in their own projects.