Launchpad itself

can't make membership of one team conditional on membership of another

Bug #861058 reported by Martin Pool
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Triaged
Low
Unassigned

Bug Description

There are many teams such as ~canonical-tech that you can only belong to if you are also a member of, for example, ~canonical. However, Launchpad can't represent this at the moment which has several consequences:

 * When someone leaves Canonical they must be manually removed from all the dependent teams, which is laborious and error-prone, and depends on the person doing the departure processing having a complete accurate mental model of the dependencies (bug 853654)
 * At least some of these teams ought to be free for anyone in ~canonical to join and leave, but because they are private teams, people can only be added by a team owner
 * The policy is not visible, so people can possibly make mistakes as to who they add

Empirically I often see people removed from teams some time after they left Canonical.

~canonical is the most prominent example for me but it can occur within other companies or projects.

This could be solved by adding generic dependencies between teams, or perhaps by adding a "organization" concept (perhaps as a special type of team), or perhaps in some other way.

Revision history for this message
Curtis Hovey (sinzui) wrote :

I removed the disclosure tag because this issue is not in scope for managing project disclosure. The issue raised here is no-less valid with the tag removed.

tags: added: user
removed: disclosure registry
Revision history for this message
William Grant (wgrant) wrote :

I think it is relevant to disclosure. We need to sort out private teams, and that will probably involve some kind of organisation model, and may well automatically fix this.

Revision history for this message
Robert Collins (lifeless) wrote : Re: [Bug 861058] Re: can't make membership of one team conditional on membership of another

So the specific case given is easily addressed: make ~canonical a
member of the *list*, and individuals can *subscribe* - this is how
its intended to work.

There are other cases, such as bug management and internally
restricted disclosure which this doesn't help with - but for those
simply saying 'must be in the organisation' is also not sufficient
(because that would allow anyone to escalate their privileges
trivially). So, the symptom is accurate, but permitting it isn't
necessarily the right way to address the underlying needs.

Revision history for this message
Robert Collins (lifeless) wrote : Re: [Bug 861058] [NEW] can't make membership of one team conditional on membership of another

Of course, private-team in private-team is a separate bug (which is
covered by disclosure).

Revision history for this message
Martin Pool (mbp) wrote : Re: [Bug 861058] Re: can't make membership of one team conditional on membership of another

On 30 September 2011 08:24, Robert Collins <email address hidden> wrote:
> So the specific case given is easily addressed: make ~canonical a
> member of the *list*, and individuals can *subscribe* - this is how
> its intended to work.

One specific case. The thing that actually brought it to mind was
seeing people who left Canonical months ago being belatedly removed
from staff-only teams.

> There are other cases, such as bug management and internally
> restricted disclosure which this doesn't help with - but for those
> simply saying 'must be in the organisation' is also not sufficient
> (because that would allow anyone to escalate their privileges
> trivially). So, the symptom is accurate, but permitting it isn't
> necessarily the right way to address the underlying needs.

If Launchpad supported "must be in $other_team" then you could within
that say that the team was either open (eg ~canonical-tech) or
moderated or restricted (eg internally need-to-know teams.) But
perhaps another better approach is possible.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.