On 07/30/2012 04:46 PM, Aaron Bentley wrote: > On 12-07-30 04:22 PM, Robert Collins wrote: >> On Tue, Jul 31, 2012 at 8:06 AM, Aaron Bentley >> <aa...@canonical.com> wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>> >>> On 12-07-30 03:10 PM, Robert Collins wrote: >>>> error when a name is blacklisted identical to the error when >>>> the name is already taken. >>> >>> We could certainly blacklist 'canonical*', etc without raising >>> suspicion. But would we blacklist arbitrary names in order to >>> conceal the fact that some of those names belonged to private >>> projects? > >> I don't think we need to - we don't need to publish the blacklist. > > I guess my point is that if we use a blacklist, it needs to be > credible. Users must think that if Launchpad denies them a name, the > blacklist is a likely cause. Given that users will encounter this > error for arbitrary names, the blacklist is only a credible > explanation if it contains arbitrary names. So presumably, we'd have > to actually blacklist some arbitrary names to maintain credibility. > > Now, I suppose we could do a structured blacklist like $USERNAME-*, > and only allow the named user to create projects with that name. We > would then need to require private projects to follow that naming > convention.
Since the system has been in production for 2.5 years and we registry/commercial admins have had few issues, I don't think we need to concern our selves with this. I have updated the name blacklist as needed. I told one group a name was not available. I had to add some admin teams to make sure Canonical staff can do their job. -- Curtis Hovey http://launchpad.net/~sinzui
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
