Launchpad feature: Disclosure

This feature's goal is to allow commercial projects to work in private. Untrusted users cannot see the project's pages or data. Project maintainers can share their project with trusted users to reveal all or just some of the project's data.

Launchpad is an open development platform. The existing additions of privacy cause performance problems or are useless for collaborating with trusted people.

  1. Launchpad must clearly show what is confidential.
  2. Launchpad must explain the consequences of an action so that users trust that confidential information will not be disclose.
  3. Launchpad must allow maintainers share all or just some of their project with trusted users.
  4. Launchpad must allow maintainers to create private teams and projects to guard confidential information.

Planning started in June 2010. Work started a year later in June 2011 by the Cloud Engineering, né Launchpad, Purple squad. The features to provide the foundation of private Projects was completed on October 31, 2012. About 707 bugs were closed over 17 months.

Disclosure overview

Disclosure is a collection of features. The end goal is to provide private projects, but many other features must be provided first. It is difficult to gauge progress when so many things must be done by a single squad. The chart shows that the backlog of bugs that the squad sees every day is always between 60 and 90 bugs. You cannot see that they are fixing bugs and working the list to zero unless you we consider the entire Launchpad database of bugs. Since bugs can be reported and fixed in a single period, extra care is need to collect that information to gauge velocity.

Trusted pickers

Launchpad must show enough information about a person, project, distribution, series, or package for a user to make an informed choice. Early testing of how projects might share confidential information revealed that users did not trust their actions. The UI failed find, or failed to show unique identifying information to convince users that they will not wrongly disclose information.

Trusted Person pickers

Trusted target pickers

Privacy transitions details

People require a consistent presentation of confidential information, and they must be informed when an action discloses information. There are three aspects to this work: Launchpad must know what is confidential, know how to show that something is confidential, and known what to do when something becomes confidential.

Hardening details

Launchpad must ensure that users cannot grant themselves access to confidential data or trusted resources. The Purple squad fixed many of these bugs while they were on maintenance duties while preparing for feature work. Most fixes involve restricting the use of inclusive teams because they do not control their membership.

Social private teams

Launchpad's private teams must be used in public contexts to be useful. Launchpad must allow private teams to be used like public teams when the team admins are willing to disclose the team's identifying information. Private teams can be members of other teams, and vice versa.

Information type details

Information types are used to describe the kind of information that the bug or branch contains. Launchpad matches the information type to a project's sharing policy to determine user privileges. Information types replace the conflated notions of private and security flags that some things had.

Sharing

Projects with confidential information are managing thousands of subscriptions to bugs and branches. People want to share their project with a small set of teams managing specific bugs or branches. Projects need to unshare information with users and teams and trust that Launchpad will do so.