optionally enable opaque indicators of sensitive activity in the timeline

[Daniel Kahn Gillmor]

Currently, SensitiveTicketsPlugin makes it so that tickets marked as sensitive don't show up in the timeline or in RSS feeds.

This is a good thing, but there are legitimate use cases where you want to be able to see that activity is happening without having to authenticate (e.g. an IRC bot that scrapes an RSS feed). If the activity is entirely opaque (e.g. the text of the timeline elements just says "someone made comment 17 on ticket 32") then the details of the sensitive ticket will remain confidential, but a polling/notifying daemon can still use the RSS feed.

So i think i'm proposing that SensitiveTicketsPlugin should optionally (based on a config variable) implement the ITimelineProvider interface and populate it with opaque renderings of activity on sensitive tickets. This timeline provider should default to off, of course, since it won't be very useful for folks to get these alerts if they can't follow the link.

[Daniel Kahn Gillmor]

patch to enable redacted indication of sensitive ticket activity in an unprivileged view of the timeline (should be applied after 7114.patch)

[anonymous]

I'm taking over this plugin from rowan, so i'll take responsibility for this ticket.

[Daniel Kahn Gillmor]

a revised version of the patch which uses a new permission (REDACTED_SENSITIVE_ACTIVITY_VIEW) instead of a config file change.

[Daniel Kahn Gillmor]

should be closed by r11288

[Steffen Hoffmann]

Ouch, this is a monstrous permission name. While I like the idea, I strongly vote for a shorter name.

How about SENSITIVE_OPAQUE_VIEW?

• Pros:
  • much shorter (doesn't stretch the select field too much as well)
  • lexically next to SENSITIVE_VIEW
  • less specific, so could be applied even to some blurred view at the ticket in the future, i.e. reduced ticket view without description, attachments and property editor, and with equally filtered change history or none at all
• Cons: (left to follow-up comments)

Only as a non-native speaker I'm not in the best position for a proposal.

[Daniel Kahn Gillmor]

I agree that the name i chose is on the monstrous side; shorter and sorting lexically next to SENSITIVE_VIEW would both be improvements.

However, making it less-specific, and with a view toward changing the semantics over time seems like a particularly bad idea for a privacy-enabling plugin.

SENSITIVE_REDACTED_ACTIVITY_VIEW would sort lexically nearer to SENSITIVE_VIEW, but is still long.

I worry that SENSITIVE_OPAQUE_VIEW is too vague. what about just SENSITIVE_ACTIVITY_VIEW, with the hope that that indicates that only the activity would be visible, but not the sensitive material itself? (that is, just lose the REDACTED_ prefix)

I'm reopening the ticket to indicate that this permission naming scheme isn't final yet.

[Daniel Kahn Gillmor]

as of r11294, i've swiched the name to SENSITIVE_ACTIVITY_VIEW. Hopefully this backward-incompatible change won't upset too many people, as the old version was only available for a day or so. I think you're right that shorter names and a closer lexical sort are worth this inconvenience of such a label switch, and it's probably better to just do the switch now instead of trying to support the too-verbose old name for the longterm.