Comment 3 for bug 801242
Revision history for this message
| Robert Collins (lifeless) wrote Re: [Bug 801242] Re: no way to request membership in a private team - can only be added | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
On Tue, Oct 25, 2011 at 10:08 PM, Martin Pool <email address hidden> wrote:
> I think there is a real problem here that has occurred several times.
> People get the link and then can't do anything useful with it.
I agree that that is a problem
> There are various solutions, some of which overlap with other bugs:
> * show people "this object exists but you're not allowed to see it", if they guess the right url
We're not going to do that. Private objects should be private, and
disclosing existence can be harmful in and off itself. Knowing which
cases are safe and which aren't would be fragile, and until we're not
drowning in tech-debt, we should choose the route that is simplest to
be safe in.
> * have an organization model so people in ~canonical can see ~canonical-foo and freely choose to join it
Thats a possible solution. Another is the disclosure style observer
model where you can explicitly allow broad read access to an object.
What way to go requires considerable analysis though.
> Adding an 'invitation to team' feature wouldn't have specifically solved
> my case because I sent the invitation to a large team.
And because the team members you want to be permitted to join mutates over time.
In fact, there are use cases for private-to-<rule>, open / moderated /
delegated and restricted teams. But the risks are pretty big that we'd
get it wrong unless we carefully cover the possible interactions.