Opened 5 years ago

Closed 5 years ago

# optionally enable opaque indicators of sensitive activity in the timeline

Reported by: Owned by: Daniel Kahn Gillmor Daniel Kahn Gillmor normal SensitiveTicketsPlugin normal opaque timeline filtered view 0.12

### Description

Currently, SensitiveTicketsPlugin makes it so that tickets marked as sensitive don't show up in the timeline or in RSS feeds.

This is a good thing, but there are legitimate use cases where you want to be able to see that activity is happening without having to authenticate (e.g. an IRC bot that scrapes an RSS feed). If the activity is entirely opaque (e.g. the text of the timeline elements just says "someone made comment 17 on ticket 32") then the details of the sensitive ticket will remain confidential, but a polling/notifying daemon can still use the RSS feed.

So i think i'm proposing that SensitiveTicketsPlugin should optionally (based on a config variable) implement the ITimelineProvider interface and populate it with opaque renderings of activity on sensitive tickets. This timeline provider should default to off, of course, since it won't be very useful for folks to get these alerts if they can't follow the link.

### Changed 5 years ago by Daniel Kahn Gillmor

patch to enable redacted indication of sensitive ticket activity in an unprivileged view of the timeline (should be applied after 7114.patch)

### comment:1 Changed 5 years ago by anonymous

Status: new → assigned

I'm taking over this plugin from rowan, so i'll take responsibility for this ticket.

### comment:2 Changed 5 years ago by Daniel Kahn Gillmor

Owner: changed from anonymous to Daniel Kahn Gillmor

### Changed 5 years ago by Daniel Kahn Gillmor

a revised version of the patch which uses a new permission (REDACTED_SENSITIVE_ACTIVITY_VIEW) instead of a config file change.

### comment:3 Changed 5 years ago by Daniel Kahn Gillmor

Resolution: → fixed assigned → closed

should be closed by r11288

### comment:4 Changed 5 years ago by Steffen Hoffmann

Keywords: opaque timeline filtered view added

Ouch, this is a monstrous permission name. While I like the idea, I strongly vote for a shorter name.

How about SENSITIVE_OPAQUE_VIEW?

• Pros:
• much shorter (doesn't stretch the select field too much as well)
• lexically next to SENSITIVE_VIEW
• less specific, so could be applied even to some blurred view at the ticket in the future, i.e. reduced ticket view without description, attachments and property editor, and with equally filtered change history or none at all
• Cons: (left to follow-up comments)

Only as a non-native speaker I'm not in the best position for a proposal.

### comment:5 Changed 5 years ago by Daniel Kahn Gillmor

Resolution: fixed closed → reopened

I agree that the name i chose is on the monstrous side; shorter and sorting lexically next to SENSITIVE_VIEW would both be improvements.

However, making it less-specific, and with a view toward changing the semantics over time seems like a particularly bad idea for a privacy-enabling plugin.

SENSITIVE_REDACTED_ACTIVITY_VIEW would sort lexically nearer to SENSITIVE_VIEW, but is still long.

I worry that SENSITIVE_OPAQUE_VIEW is too vague. what about just SENSITIVE_ACTIVITY_VIEW, with the hope that that indicates that only the activity would be visible, but not the sensitive material itself? (that is, just lose the REDACTED_ prefix)

I'm reopening the ticket to indicate that this permission naming scheme isn't final yet.

### comment:6 Changed 5 years ago by Daniel Kahn Gillmor

Resolution: → fixed reopened → closed

as of r11294, i've swiched the name to SENSITIVE_ACTIVITY_VIEW. Hopefully this backward-incompatible change won't upset too many people, as the old version was only available for a day or so. I think you're right that shorter names and a closer lexical sort are worth this inconvenience of such a label switch, and it's probably better to just do the switch now instead of trying to support the too-verbose old name for the longterm.

### Modify Ticket

Change Properties