2005-10-14 19:03:33 |
Jeff Bailey |
bug |
|
|
added bug |
2005-12-16 12:59:46 |
Dafydd Harries |
launchpad: status |
New |
Accepted |
|
2007-01-25 21:01:23 |
Christian Reis |
bug |
|
|
added subscriber Kees Cook |
2007-08-06 22:16:23 |
Matthew Paul Thomas |
title |
LP Should not email bug contents when bug marked as confidential |
Launchpad sends (unencrypted) mail notifications about private bug reports |
|
2010-06-04 09:03:04 |
Graham Binns |
tags |
email |
email story-better-bug-notification |
|
2010-08-11 09:53:16 |
Graham Binns |
tags |
email story-better-bug-notification |
email story-better-bug-notification story-better-notification-sending |
|
2011-01-16 23:21:02 |
Robert Collins |
launchpad: importance |
Medium |
High |
|
2011-01-21 20:30:46 |
Gary Poster |
tags |
email lp-bugs story-better-bug-notification story-better-notification-sending |
email lp-bugs story-better-notification-sending |
|
2011-01-22 19:36:41 |
Daniel Hahler |
removed subscriber Daniel Hahler |
|
|
|
2011-05-30 08:04:28 |
William Grant |
removed subscriber Canonical Launchpad Engineering |
|
|
|
2011-10-22 13:58:03 |
Curtis Hovey |
tags |
email lp-bugs story-better-notification-sending |
email feature privacy |
|
2011-10-22 13:58:09 |
Curtis Hovey |
launchpad: importance |
High |
Low |
|
2011-10-23 20:53:49 |
Robert Collins |
launchpad: importance |
Low |
High |
|
2011-10-24 23:13:28 |
Eliah Kagan |
bug |
|
|
added subscriber Eliah Kagan |
2011-12-12 23:04:45 |
Robert Collins |
summary |
Launchpad sends (unencrypted) mail notifications about private bug reports |
Launchpad sends (unencrypted) mail notifications about private assets |
|
2011-12-12 23:13:30 |
Robert Collins |
description |
Launchpad should not send anything other than status notifications when a bug is marked confidential. The input into the website is already SSL secured, so it's easy to assume that the data will be kept secured and input too much information.
Tks,
Jeff Bailey
|
Symptoms
========
Launchpad sends notifications about changes on private objects via regular email.
This is not secured and could disclose private information if the mail is intercepted.
Users cannot readily reason about the chance of disclosure when entering private or proprietary data into LP.
Analysis
========
Some of our users will want to run the risk of disclosure as they have folk they work with who have very limited internet facilities - doing 'object X has changed click here to see the change' style notifications would likely just frustrate them.
Other users have very high confidentiality concerns and may want to prevent all unsecured mail being sent.
We have one low-hanging fruit we could apply: opportunistic TLS on the outbound mail path.
Failing that we probably need to do some stakeholder research to get a full handle on the expectations, and to assess the risks they face. |
|
2011-12-31 20:05:50 |
Robert Collins |
tags |
email feature privacy |
email feature notifications privacy |
|
2012-04-27 21:31:26 |
Aminda Suomalainen |
bug |
|
|
added subscriber Mika Suomalainen |
2018-01-21 04:59:29 |
Yongmin Hong |
bug |
|
|
added subscriber Yongmin Hong |
2019-09-16 12:58:09 |
Dimitri John Ledkov |
bug |
|
|
added subscriber William Grant |
2019-09-16 12:59:06 |
Brian Murray |
bug |
|
|
added subscriber Brian Murray |