Warn users that mailing list archives are public unless the team is actually private
Bug #297505 reported by
William Grant
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Unassigned |
Bug Description
It is clear that some team administrators don't realise that mailing list archives are visible by everybody (not just members) even if the team is restricted. They're only private if the team is private.
This results in wonderful teams that exist for monitoring private bugs, but then conveniently archive all of that private bugmail publicly. I won't disclose such teams here, but ask if you want to fix it...
One should be warned about the lack of privacy before creating a mailing list.
Related branches
lp:~sinzui/launchpad/mailing-list-ui-0
- Brad Crittenden (community): Approve (code)
-
Diff: 391 lines (+124/-128)7 files modifiedlib/lp/registry/browser/team.py (+1/-0)
lib/lp/registry/browser/tests/test_mailinglists.py (+88/-3)
lib/lp/registry/stories/mailinglists/lifecycle.txt (+1/-92)
lib/lp/registry/stories/mailinglists/subscriptions.txt (+3/-13)
lib/lp/registry/stories/mailinglists/welcome-message.txt (+5/-3)
lib/lp/registry/templates/team-mailinglist.pt (+22/-15)
lib/lp/registry/templates/team-portlet-mailinglist.pt (+4/-2)
tags: | added: disclosure |
tags: | added: bugjam2010 |
Changed in launchpad-registry: | |
assignee: | nobody → Curtis Hovey (sinzui) |
status: | Triaged → In Progress |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
Changed in launchpad: | |
milestone: | none → 11.01 |
tags: | added: hardening privacy |
Changed in launchpad: | |
assignee: | Curtis Hovey (sinzui) → nobody |
To post a comment you must log in.
Setting to high as we might be disclosing private information. Barry can you take a look at this?