-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12-07-30 03:10 PM, Robert Collins wrote: > On Tue, Jul 31, 2012 at 6:26 AM, Aaron Bentley > <aa...@canonical.com> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 12-07-30 10:01 AM, Matthew Revell wrote: >>> https://dev.launchpad.net/LEP/PrivateProjects >> >>> An untrusted user cannot guess the name of a private project >>> based on the error message given when trying to register a new >>> project with the same name. >> >> How do we accomplish this? > > One way would be to document that we blacklist names, and make the > error when a name is blacklisted identical to the error when the > name is already taken.
We could certainly blacklist 'canonical*', etc without raising suspicion. But would we blacklist arbitrary names in order to conceal the fact that some of those names belonged to private projects? > Another would be to have projects namespaced under their owners, > which is the approach github has taken, and that neatly resolves a > bunch of issues around namespace ownership - but raises as many as > it solves when you consider our goal around consolidating upstream > communities - bridging the gap. But surely, private projects don't want to participate in upstream communities? Aaron -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAW6U8ACgkQ0F+nu1YWqI1TKQCfQ9lmHB6n4zVXS2JaLsXrLgPG 1iAAoIYDI/g/qfjrxUzgQ/JKb+70fdaZ =DZ/E -----END PGP SIGNATURE----- _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
