-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12-07-30 04:22 PM, Robert Collins wrote: > On Tue, Jul 31, 2012 at 8:06 AM, Aaron Bentley > <aa...@canonical.com> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 12-07-30 03:10 PM, Robert Collins wrote: >>> error when a name is blacklisted identical to the error when >>> the name is already taken. >> >> We could certainly blacklist 'canonical*', etc without raising >> suspicion. But would we blacklist arbitrary names in order to >> conceal the fact that some of those names belonged to private >> projects? > > I don't think we need to - we don't need to publish the blacklist.
I guess my point is that if we use a blacklist, it needs to be credible. Users must think that if Launchpad denies them a name, the blacklist is a likely cause. Given that users will encounter this error for arbitrary names, the blacklist is only a credible explanation if it contains arbitrary names. So presumably, we'd have to actually blacklist some arbitrary names to maintain credibility. Now, I suppose we could do a structured blacklist like $USERNAME-*, and only allow the named user to create projects with that name. We would then need to require private projects to follow that naming convention. Aaron -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAW8qIACgkQ0F+nu1YWqI3C1gCeOL/1uB0J4uEA8RHYUWGFfuEf 3a0An28a/6JaM2RfMwFs5D8LVUFpurJX =Qacr -----END PGP SIGNATURE----- _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
