Re: Please add an option to set bug reports to "Private"

Hi guys,

On 21/12/16 17:17, Norbert Thiebaud wrote:
> > I'd be grateful if you could add an option to your bugtracker to hide
> > bug reports and/or sample files from public view, i.e., add a "Private"
> > option, so that only developers and admins can see them.
>
> The whole world is a potential 'developer' in an open source project.
> That is the whole point.

        I agree there are problems trying to work out who should be able to see
them; but we have some good lists already - eg. those with commit access
are people we trust - I don't think this is an insuperable problem.

        I think there is also a good sized grey area between 'published on the
web', and 'made available to a small group of dedicated and trusted
individuals'.

> The only viable alternative, as mentioned  elsewhere in this thread,
> is to sanitize the documents to remove 'sensitive' stuff.

        Completely agreed that we should not be encouraging private attachments
unless it is absolutely necessary; I think it should be specific to
legacy documents. Unfortunately, for these, which is what DLP is all
about, it is probably not feasible to install eg. this set of software:

        https://sourceforge.net/p/libmwaw/wiki/Home/

        And get it running in order to reduce older versions of file formats to
minimal documents (though that is of course best practice for newer
formats). It is on the other hand probably feasible to have a grab-bag
collection of old, legacy documents somewhere - which has a low risk of
anything confidential being in them (ie. ~15 years old documents ;-)
that is still useful.

        From the first days I worked on gnumeric, many of our best test
documents were sent to the developers, and maintained in a semi-private
collection that we used like our crash-testing suite for regression
testing. IMHO it's a reasonable & normal request to have a TDF
controlled mechanism for building such a thing - but lets put this on
the ESC agenda to discuss it there.

> You cannot expect volunteers to go through hoops to give you free
> support because you are not willing to do your part.

        I really don't believe that is a fair characterization of Christoph's
suggestion =)

        ATB,

                Michael.

-- 
michael.meeks@collabora.com <><, Pseudo Engineer, itinerant idiot