[Architecture] Enabling better collaboration by allowing users to see each other...

Tony Atkins tony at raisingthefloor.org
Thu Jul 17 14:37:41 EDT 2014 

Hi, Steve:

The fact that we have self-signups is incredibly common for open source
communities.  Every so often someone will manage to crack the current
generation of Captchas and you will get a spam account in a context like
this ("Neat pull request!  It reminds me of this shoe site I saw: [LINK]").


However, the vast majority of spam would come from having our profiles
visible along with email addresses, so the risk is currently quite low IMO.

The issue of creating bugs is a little different, and is configured per
project.  For those who are curious, I reviewed the current setup briefly,
a summary follows.

Anonymous users (people not logged in) can:

   1. See the list of projects
   2. View issues
   3. Search

Registered users (who can self-signup) can also do things like:

   1. Create new tickets
   2. Comment on existing tickets
   3. Edit their own comments, including removing them
   4. Add attachments to issues
   5. Delete files they have attached
   6. Assign issues (not sure why that's the case)
   7. See each other's profiles (but not email addresses).

Developers can also do things like:

   1. Move issues to another project
   2. Edit existing tickets
   3. Resolve issues
   4. Close issues
   5. Change someone else's comment content, including removing it
   6. Log Work on Issues (IMO, if we are going to allow people to assign
   issues to themselves, we should allow them to log work)

Cheers,


Tony



On Thu, Jul 17, 2014 at 10:40 AM, Steve Lee <steve at opendirective.com> wrote:

> Great
>
> So can anyone create bugs without being logged in? How do we authenticate
> those who get login privileges? How paranoid should we be?
>
> Personally 3 works for me as my email address is 'out there' anyway and my
> spam filters seem to work.
>
> Steve Lee
> OpenDirective http://opendirective.com
>
>
> On 17 July 2014 15:46, Steven Githens <swgithen at mtu.edu> wrote:
>
>> Hi Tony!
>>
>> I’d sort of be in favor of eventually using option 3 since that would
>> likely make life easier and faster in a number of situations when one is
>> bursting with activity, and can avoid going somewhere else to look it up
>> quick.
>>
>> I’m not sure what process we’d use to make that decision (maybe the one
>> Colin is drafting), but I think it’s reasonable that if you have an account
>> and log in, you can find the emails for other project members.
>>
>> -Steve
>>
>> On Jul 17, 2014, at 8:12 PM, Tony Atkins <tony at raisingthefloor.org>
>> wrote:
>>
>> Hi, Steves... :)
>>
>> I work on Thursday and Friday, so everyone got a bit longer grace period.
>>  I just opened up the "browse users" permission, which should fix the
>> original concern Till reported.
>>
>> I did also hide our email address as originally proposed, but wanted to
>> point out the full range of options:
>>
>>    1. Email addresses can be visible to everyone (including bots).
>>    2. Obfuscated addresses (tony at raisingthefloor dot org) can visible
>>    to everyone (including bots).
>>    3. Email addresses can be visible to people who are logged in.
>>    4. Email addresses can be completely withheld from everyone.
>>
>> As discussed last week, I have configured our JIRA instance for the
>> fourth option.  People can share issues with each other by using "at
>> mentions" in comments, or by using the "share" function on the top right
>> side of the issue view, but will not see each other's email addresses.
>>
>> I can see moving to option 3 if we feel that not having addresses is
>> stifling communication at all.  The other two seem more like a privacy
>> violation to me.
>>
>> In any case, we can change at any time, I say we live with it for a week
>> or two and comment here if there are concerns or problems.
>>
>> Cheers,
>>
>>
>> Tony
>>
>>
>> On Thu, Jul 17, 2014 at 7:42 AM, Steve Lee <steve at opendirective.com>
>> wrote:
>>
>>> I also offer a late +1 and wonder if you made the change?
>>>
>>> Steve Lee
>>> OpenDirective http://opendirective.com
>>>
>>>
>>> On 14 July 2014 15:06, Steven Githens <swgithen at mtu.edu> wrote:
>>>
>>>> Hi Tony,
>>>>
>>>> This sounds great.  Did you make the change? ( I’m a dev so I’m not
>>>> sure I would have noticed it not happening ).
>>>>
>>>> -Steve
>>>>
>>>>
>>>> On Jul 10, 2014, at 10:11 PM, Tony Atkins <tony at raisingthefloor.org>
>>>> wrote:
>>>>
>>>> Hi, All:
>>>>
>>>> Till pointed out recently that it's very difficult to involve people in
>>>> issues using shares and mentions, because of the way our JIRA instance is
>>>> configured:
>>>>
>>>> http://issues.gpii.net/browse/GPII-869
>>>>
>>>> Right now, we only allow our developers to see the list of users on our
>>>> JIRA instance, which means that only developers can easily share tickets
>>>> using the built in share and "at mention" mechanisms.
>>>>
>>>> I would propose opening this up so that people can more easily involve
>>>> other members of the community who we have not set up as developers in our
>>>> instance.  This seems much more in keeping with our overall philosophy of
>>>> inclusion.
>>>>
>>>> The only small concern is that the "browse user" permission allows
>>>> users to see each other's email address.  If this is a concern at all, I
>>>> would propose configuring JIRA to not show email addresses.  It will still
>>>> be possible to share content with other users through mentions and shares.
>>>>
>>>> The model is similar to LinkedIn, where you only know the user's
>>>> LinkedIn credentials and they can choose whether to share anything further
>>>> with you.
>>>>
>>>> I am putting this out for discussion today.  If there are no objections
>>>> by close of business tomorrow, I will go ahead and allow all JIRA users to
>>>> see other users and hide user email addresses in JIRA.  Each change is
>>>> easily reversible if there are any concerns or we choose to do things
>>>> differently.
>>>>
>>>> Cheers,
>>>>
>>>>
>>>> Tony
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture at lists.gpii.net
>>>> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture at lists.gpii.net
>>>> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.idrc.ocad.ca/pipermail/fluid-work/attachments/20140717/73cce797/attachment.html>

More information about the fluid-work mailing list