On 07/26/2012 07:38 AM, "Jˇhann B. Gumundsson" wrote:
On 07/26/2012 09:55 AM, Rahul Sundaram wrote:
If someone posted a ticket with the expectation that it would be
private, opening them up to public is quite rude. Future tickets could
be public however and I urge the board to consider this.
Perhaps only active tickets should remain private and the board simply
ask the requester if they can be made public, all closed ticket be
opened up for public then all future tickets be made public?
The problems here are:
* The tickets filed with the Board are, at least a reasonable percentage
of the time, of a nature that they should be kept private (legal stuff,
* The Board trac instance (and trac in general within our
infrastructure) doesn't have a way to manage fine-grained permissions
beyond all-or-nothing for groups in the permissions list. In other
words: We can't apply permissions to tickets one-by-one. And I don't
think that having 2 separate ticket queues would be useful.
That said, it looks like http://trac-hacks.org/wiki/SecureTicketsPlugin
*might* be able to help - the opener of the ticket, or those with
existing permissions to modify a ticket, could set the component to be
one where permissions could be granted to a certain group beyond the
default private settings (ie: maybe anyone authenticated via FAS).
I realize that it's not quite as open as "seeing every single ticket
that comes across," but it does at least still provide those filing
sensitive tickets with a sense of privacy, which makes them more likely
to still file a ticket when needed, rather than deter them from pursuing
resolution to an issue.
I don't know if this particular plugin, when enabled, will allow someone
authenticated to do a full report view or if the report view will only
show tickets set with the appropriate component to make them public.
Sometimes tickets can reveal privacy things simply based on the subject,
so that wouldn't be very awesome to those ticket submitters. And I'm not
sure that the "authenticated" group would work properly, but I think it
probably should, but the worst case is that we could theoretically
create another fas group where those wanting to opt-in to seeing tickets
I realize it's not ideal, but I think maintaining privacy for some
tickets is important, and ticket submitters could select automatically
to have it public, and we could always verify if it looks to be
something that can be public if the submitter is okay with that and then
make it so. But it would be an improvement.
Of course, someone would actually have to package the plugin, and then
we'd need to get infra to add it to the plugins list. And then we'd have
to test it and hope it works as advertised
advisory-board mailing list
advisory-board mailing list