Fedora Board Recap - 2012-07-25

Robyn Bergeron rbergero at redhat.com
Thu Jul 26 12:30:15 UTC 2012 

On 07/26/2012 07:38 AM, "Jóhann B. Guðmundsson" wrote:
> On 07/26/2012 09:55 AM, Rahul Sundaram wrote:
>> If someone posted a ticket with the expectation that it would be
>> private, opening them up to public is quite rude. Future tickets could
>> be public however and I urge the board to consider this.
>
> Perhaps only active tickets should remain private and the board simply 
> ask the requester if they can be made public, all closed ticket be 
> opened up for public then all future tickets be made public?
The problems here are:

* The tickets filed with the Board are, at least a reasonable percentage 
of the time, of a nature that they should be kept private (legal stuff, 
personnel/sensitive/conflict, etc.).

* The Board trac instance (and trac in general within our 
infrastructure) doesn't have a way to manage fine-grained permissions 
beyond all-or-nothing for groups in the permissions list. In other 
words: We can't apply permissions to tickets one-by-one.  And I don't 
think that having 2 separate ticket queues would be useful.

That said, it looks like http://trac-hacks.org/wiki/SecureTicketsPlugin 
*might* be able to help - the opener of the ticket, or those with 
existing permissions to modify a ticket, could set the component to be 
one where permissions could be granted to a certain group beyond the 
default private settings (ie: maybe anyone authenticated via FAS).

I realize that it's not quite as open as "seeing every single ticket 
that comes across," but it does at least still provide those filing 
sensitive tickets with a sense of privacy, which makes them more likely 
to still file a ticket when needed, rather than deter them from pursuing 
resolution to an issue.

That said:

I don't know if this particular plugin, when enabled, will allow someone 
authenticated to do a full report view or if the report view will only 
show tickets set with the appropriate component to make them public. 
Sometimes tickets can reveal privacy things simply based on the subject, 
so that wouldn't be very awesome to those ticket submitters. And I'm not 
sure that the "authenticated" group would work properly, but I think it 
probably should, but the worst case is that we could theoretically 
create another fas group where those wanting to opt-in to seeing tickets 
could apply.

I realize it's not ideal, but I think maintaining privacy for some 
tickets is important, and ticket submitters could select automatically 
to have it public, and we could always verify if it looks to be 
something that can be public if the submitter is okay with that and then 
make it so.  But it would be an improvement.

Of course, someone would actually have to package the plugin, and then 
we'd need to get infra to add it to the plugins list. And then we'd have 
to test it and hope it works as advertised :D

>
> JBG
> _______________________________________________
> advisory-board mailing list
> advisory-board at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/advisory-board

More information about the advisory-board mailing list