Bug #3165 “Launchpad sends (unencrypted) mail notifications abou...” : Bugs : Launchpad itself

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head> <base href="https://bugs.launchpad.net/launchpad/+bug/3165/+index" /> <meta charset="UTF-8" /> <title>Bug #3165 “Launchpad sends (unencrypted) mail notifications abou...” : Bugs : Launchpad itself</title> <link rel="apple-touch-icon" sizes="180x180" href="/@@/apple-touch-icon.png?v=2022" /> <link rel="icon" type="image/png" sizes="32x32" href="/@@/favicon-32x32.png?v=2022" /> <link rel="icon" type="image/png" sizes="16x16" href="/@@/favicon-16x16.png?v=2022" /> <link rel="manifest" href="/@@/site.webmanifest?v=2022" /> <link rel="mask-icon" href="/@@/safari-pinned-tab.svg?v=2022" color="#e9531f" /> <link rel="shortcut icon" href="/@@/favicon.ico?v=2022" /> <meta name="msapplication-TileColor" content="#da532c" /> <meta name="msapplication-config" content="/@@/browserconfig.xml?v=2022" /> <meta name="theme-color" content="#ffffff" /> <link rel="canonical" href="https://bugs.launchpad.net/bugs/3165" /> <link rel="alternate" type="application/atom+xml" href="http://feeds.launchpad.net/bugs/3165/bug.atom" title="Bug 3165 Feed" /> <link type="text/css" rel="stylesheet" media="screen, print" href="/+icing/rev78860d903de6d6d7dd5a0ade63efaca45d3467e2/combo.css" /> <meta name="description" content="Symptoms ======== Launchpad sends notifications to changes on private objects via regular email. This is not secured and could disclose private information if the mail is intercepted. Users cannot readily reason about the chance of disclosure when entering private or proprietary data in to LP. Analysis ======== Some of our users will want to run the risk of disclosure as they have folk they work with who have very limited internet facilities - doing 'object X has changed click here to se..." /> <meta property="og:description" content="Symptoms ======== Launchpad sends notifications to changes on private objects via regular email. This is not secured and could disclose private information if the mail is intercepted. Users cannot readily reason about the chance of disclosure when entering private or proprietary data in to LP. Analysis ======== Some of our users will want to run the risk of disclosure as they have folk they work with who have very limited internet facilities - doing 'object X has changed click here to se..." /> <meta property="og:title" content="Bug #3165 “Launchpad sends (unencrypted) mail notifications abou...” : Bugs : Launchpad itself" /> <meta property="og:type" content="website" /> <meta property="og:image" content="/@@/launchpad-og-image.png" /> <meta property="og:url" content="https://bugs.launchpad.net/bugs/3165" /> <meta property="og:site_name" content="Launchpad" /> <script type="text/javascript"> var LP = { cache: {}, links: {} }; </script> <script type="text/javascript">var cookie_scope = '; Path=/; Secure; Domain=.launchpad.net';</script> <script type="text/javascript" src="/+combo/rev78860d903de6d6d7dd5a0ade63efaca45d3467e2/?yui/yui/yui-min.js&lp/meta.js&yui/loader/loader-min.js"></script> <script type="text/javascript"> var raw = null; if (LP.devmode) { raw = 'raw'; } YUI.GlobalConfig = { combine: true, comboBase: '/+combo/rev78860d903de6d6d7dd5a0ade63efaca45d3467e2/?', root: 'yui/', filter: raw, debug: false, fetchCSS: false, maxURLLength: 2000, groups: { lp: { combine: true, base: '/+combo/rev78860d903de6d6d7dd5a0ade63efaca45d3467e2/?lp/', comboBase: '/+combo/rev78860d903de6d6d7dd5a0ade63efaca45d3467e2/?', root: 'lp/', // comes from including lp/meta.js modules: LP_MODULES, fetchCSS: false } } }</script> <script type="text/javascript"> // we need this to create a single YUI instance all events and code // talks across. All instances of YUI().use should be based off of // LPJS instead. var LPJS = new YUI(); </script> <script id="base-layout-load-scripts" type="text/javascript"> //<![CDATA[ LPJS.use('base', 'node', 'console', 'event', 'oop', 'lp', 'lp.app.foldables','lp.app.sorttable', 'lp.app.inlinehelp', 'lp.app.links', 'lp.bugs.bugtask_index', 'lp.bugs.subscribers', 'lp.app.ellipsis', 'lp.code.branchmergeproposal.diff', 'lp.views.global', function(Y) { Y.on("domready", function () { var global_view = new Y.lp.views.Global(); global_view.render(); Y.lp.app.sorttable.SortTable.init(); Y.lp.app.inlinehelp.init_help(); Y.lp.activate_collapsibles(); Y.lp.app.foldables.activate(); Y.lp.app.links.check_valid_lp_links(); }); Y.on('lp:context:web_link:changed', function(e) { window.location = e.new_value; }); }); //]]> </script> <script id="base-helper-functions" type="text/javascript"> //<![CDATA[ // This code is pulled from lp.js that needs to be available on every // request. Pulling here to get it outside the scope of the YUI block. function setFocusByName(name) { // Focus the first element matching the given name which can be focused. var nodes = document.getElementsByName(name); var i, node; for (i = 0; i < nodes.length; i++) { node = nodes[i]; if (node.focus) { try { // Trying to focus a hidden element throws an error in IE8. if (node.offsetHeight !== 0) { node.focus(); } } catch (e) { LPJS.use('console', function(Y) { Y.log('In setFocusByName(<' + node.tagName + ' type=' + node.type + '>): ' + e); }); } break; } } } function selectWidget(widget_name, event) { if (event && (event.keyCode === 9 || event.keyCode === 13)) { // Avoid firing if user is tabbing through or simply pressing // enter to submit the form. return; } document.getElementById(widget_name).checked = true; } //]]> </script> <script type="text/javascript" id="available-official-tags-js">var available_official_tags = ["403", "404", "answer-contacts", "api", "apocalypse", "boobytrap", "branch-puller", "branch-scanner", "branch-stacking", "branches", "branding", "bug-branch-links", "bug-columns", "bug-nomination", "bug-relationships", "bug-search", "bughistory", "bugs", "bugtag", "bugtrackers", "bugwatch", "build-infrastructure", "buildd-manager", "buildfarm", "canonical-losa-lp", "chr", "code-import", "code-integration", "code-review", "codebrowse", "codehosting-ssh", "codeofconduct", "comments", "confusing-ui", "contact-via-web", "contribution", "css", "cves", "derivation", "disclosure", "distributions", "docs", "dupefinder", "easy", "email", "entitlement", "escalated", "fallout", "faqs", "feature", "feature-flags", "feeds", "form-focus", "gina", "git", "gpg", "help", "hwdb", "i18n", "icons", "ie", "import-queue", "infrastructure", "inline-comments", "internal-api", "jabber", "javascript", "karma", "librarian", "linaro", "lp-answers", "lp-blueprints", "lp-bugs", "lp-code", "lp-foundations", "lp-registry", "lp-snappy", "lp-soyuz", "lp-translations", "lp-web", "mailing-lists", "markup", "merge-deactivate", "message-sharing", "microformats", "milestones", "mirror", "ml-archive-sucks", "motu", "oci", "oem-services", "oops", "oops-infrastructure", "openid", "p3a", "package-branches", "package-copies", "package-diff", "package-link", "package-overrides", "packages", "packagesets", "partner", "patch-tracking", "performance", "person-picker", "planning", "poppy", "ppa", "priority-inheritance", "privacy", "private-projects", "product-release-finder", "project-announcements", "projectgroups", "projects", "python-upgrade", "qa-bad", "qa-needstesting", "qa-ok", "qa-untestable", "questions", "queue-page", "quickly", "recipe", "regression", "related-projects-packages", "releases", "rosetta-imports", "search", "series", "sharing", "soyuz-build", "soyuz-core", "soyuz-ftpmaster-tools", "soyuz-publish", "soyuz-security", "soyuz-upload", "specifications", "sprints", "spurious-test-failure", "ssh", "story-better-bug-notification", "structural-navigation", "subscribers", "tales", "teams", "tech-debt", "template-generation", "test-system", "timeline", "timeout", "tour", "translations-branch", "trivial", "ubuntu-platform", "ubuntu-qa", "ubuntu-upstream-relations", "udd", "ui", "ui-debt", "upgrade", "upstream-translations-sharing", "users", "wcag", "webapp-infrastructure", "wiki", "work-item-tracker"];</script> <script type="text/javascript"> LPJS.use('base', 'node', 'oop', 'event', 'lp.bugs.bugtask_index', 'lp.bugs.subscribers', 'lp.code.branchmergeproposal.diff', 'lp.app.comment', 'lp.services.messages.edit', function(Y) { Y.on('domready', function() { Y.lp.code.branchmergeproposal.diff.connect_diff_links(); Y.lp.bugs.bugtask_index.setup_bugtask_index(); Y.lp.bugs.bugtask_index.setup_bugtask_table(); LP.cache.comment_context = LP.cache.bug; var cl = new Y.lp.app.comment.CommentList(); cl.render(); var sl = new Y.lp.bugs.subscribers.createBugSubscribersLoader({ container_box: '#other-bug-subscribers', subscribers_details_view: '/+bug-portlet-subscribers-details', subscribe_someone_else_link: '.menu-link-addsubscriber' }, window); Y.lp.services.messages.edit.setup(); }); }); </script> <style type="text/css"> /* Align the 'add comment' link to the right of the comment box. */ #add-comment-form textarea { width: 100%; } #add-comment-form { max-width: 60em; padding-bottom: 4em; } #add-comment-form .actions {float: right;} .buglink-summary dd { font-size: 10px; } a#privacy-link:link:hover, a#privacy-link:visited:hover {text-decoration:none;} </style> <style type="text/css"> .yui3-overlay .value label { /* It normally makes sense for form labels to be bold, but since this form consists only of radio buttons, there's nothing but labels so we just get wall-to-wall bold. */ font-weight: normal !important; } </style> </head> <body id="document" itemscope="" itemtype="http://schema.org/WebPage" class="tab-bugs main_side public yui3-skin-sam"> <div class="yui-d0"> <div id="locationbar" class="login-logout"> <div id="logincontrol"><a href="https://bugs.launchpad.net/launchpad/+bug/3165/+login">Log in / Register</a></div> </div> <div id="watermark" class="watermark-apps-portlet"> <div> <a href="https://launchpad.net/launchpad"><img alt="" width="64" height="64" src="https://launchpadlibrarian.net/600817174/Canonical_Launchpad_icon_64px.png" /></a> </div> <div class="wide"> <h2 id="watermark-heading"><a href="https://launchpad.net/launchpad">Launchpad itself</a></h2> </div>  <ul class="facetmenu"> <li class="overview"><a href="https://launchpad.net/launchpad">Overview</a></li> <li class="branches"><a href="https://code.launchpad.net/launchpad">Code</a></li> <li class="bugs active"><a href="https://bugs.launchpad.net/launchpad">Bugs</a></li> <li class="specifications"><a href="https://blueprints.launchpad.net/launchpad">Blueprints</a></li> <li class="translations"><a href="https://translations.launchpad.net/launchpad">Translations</a></li> <li class="answers"><a href="https://answers.launchpad.net/launchpad">Answers</a></li> </ul> </div> <div class="yui-t4"> <div id="maincontent" class="yui-main"> <div class="yui-b" dir="ltr"> <div class="context-publication"> <h1 id="edit-title"> <span class="yui3-editable_text-text ellipsis" style="max-width: 95%;"> Launchpad sends (unencrypted) mail notifications about private assets </span> </h1> <div id="registration" class="registering"> Bug #3165 reported by <a href="https://launchpad.net/~jbailey" class="sprite person">Jeff Bailey</a> <time title="2005-10-14 19:03:33 UTC" datetime="2005-10-14T19:03:33.381842+00:00">on 2005-10-14</time> </div> </div> <div id="request-notifications"> </div> <div> <div id="bug-is-duplicate"> </div> <div style="float: right;"> <span><a href="/+help-bugs/bug-heat.html" target="help" class="sprite flame">314</a></span> </div> <div class="actions"> <span id="affectsmetoo" style="display: inline">This bug affects 6 people</span> </div> <table id="affected-software" class="listing"> <thead> <tr> <th colspan="2">Affects</th> <th>Status</th> <th>Importance</th> <th>Assigned to</th> <th>Milestone</th> </tr> </thead> <tbody> <tr class="highlight" id="tasksummary3318"> <td> </td> <td> <span id="bugtarget-picker-tasksummary3318"> <span class="yui3-activator-data-box"> <a class="sprite product" href="https://bugs.launchpad.net/launchpad">Launchpad itself</a> </span> <div class="yui3-activator-message-box yui3-activator-hidden"></div> </span> </td> <td style="width: 20%; vertical-align: middle"> <div class="status-content" style="width: 100%; float: left"> <span style="float: left" class="value statusTRIAGED">Triaged</span> </div> </td> <td style="width: 15em; vertical-align: middle"> <div class="importance-content" style="width: 100%; float: left"> <span style="float: left" class="value importanceHIGH">High</span> </div> </td> <td style="width:20%; margin: 0; padding: 0; vertical-align: middle; padding-left: 0.5em"> <span id="assignee-picker-tasksummary3318"> <span class="yui3-activator-data-box"> Unassigned </span> <div class="yui3-activator-message-box yui3-activator-hidden"></div> </span> </td> <td style="width: 20%; vertical-align: middle"> </td> </tr> </tbody> </table> <div id="maincontentsub"> <div class="top-portlet"> <div itemprop="mainContentOfPage" class="report"> <div> <div class="lazr-multiline-edit" id="edit-description"> <div class="clearfix"> <h3>Bug Description</h3> </div> <div class="yui3-editable_text-text"><p>Symptoms<br /> ========</p> <p>Launchpad sends notifications to changes on private objects via regular email.</p> <p>This is not secured and could disclose private information if the mail is intercepted.</p> <p>Users cannot readily reason about the chance of disclosure when entering private or proprietary data in to LP.</p> <p>Analysis<br /> ========</p> <p>Some of our users will want to run the risk of disclosure as they have folk they work with who have very limited internet facilities - doing 'object X has changed click here to see the change' style notifications would likely just frustrate them.</p> <p>Other users have very high confidentiality concerns and may want to prevent all unsecured mail being sent.</p> <p>We have one low hanging fruit we could apply: opportunistic TLS on the outbound mail path.</p> <p>Failing that we probably need to do some stakeholder research to get a full handle on the expectations, and to assess the risks they face.</p></div> </div> </div> <div style="margin:-10px 0 20px 5px" class="clearfix"> <span>See <a href="comments/0">original description</a></span> </div> <div id="bug-tags"> <span id="tags-heading"> Tags: </span> <span id="tag-list"> <a class="official-tag" href="/launchpad/+bugs?field.tag=email">email</a> <a class="official-tag" href="/launchpad/+bugs?field.tag=feature">feature</a> <a class="official-tag" href="/launchpad/+bugs?field.tag=privacy">privacy</a> <a class="unofficial-tag" href="/launchpad/+bugs?field.tag=notifications">notifications</a> </span> </div> <script type="text/javascript"> LPJS.use('event', 'node', 'lp.bugs.tags_entry', function(Y) { Y.on('domready', function(e) { Y.lp.bugs.tags_entry.setup_tag_entry( available_official_tags); }, window); }); </script> <div class="clearfix"></div> </div> <div id="branches-and-cves"> <div id="bug-branches-container" style="float: left"> </div> <div class="clearfix"></div> </div>  </div> <div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/1" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~jamesh" class="sprite person">James Henstridge (jamesh)</a> wrote <time itemprop="commentTime" datetime="2005-10-17T04:58:55.458628+00:00" title="2005-10-17 04:58:55 UTC">on 2005-10-17</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/1"> #1</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>One option might be to encrypt private bug mail (assuming that the user has registered a GPG key that is usable for encryption).</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">One option might be to encrypt private bug mail (assuming that the user has registered a GPG key that is usable for encryption).</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/2" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~jbailey" class="sprite person">Jeff Bailey (jbailey)</a> wrote <time itemprop="commentTime" datetime="2005-10-17T13:18:45.684067+00:00" title="2005-10-17 13:18:45 UTC">on 2005-10-17</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/2"> #2</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>Yup. It might be interested to have a preferences option for Encrypt: Always, confidential, and never. Sign: Always, confidential, and never.</p> <p>But I don't know that it would solve the problem for the average end user. If it's not set to encrypt the confidential email, I think it still shouldn't send the contents. Otherwise someone pasting logs with passwords might not realise that it's going over a plaintext session until after they've received a copy of it.</p> <p>Tks,<br /> Jeff Bailey</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">Yup. It might be interested to have a preferences option for Encrypt: Always, confidential, and never. Sign: Always, confidential, and never. But I don't know that it would solve the problem for the average end user. If it's not set to encrypt the confidential email, I think it still shouldn't send the contents. Otherwise someone pasting logs with passwords might not realise that it's going over a plaintext session until after they've received a copy of it. Tks, Jeff Bailey </textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~daf" class="sprite person">Dafydd Harries (daf)</a> <time title="2005-12-16 12:59:46 UTC" datetime="2005-12-16T12:59:46.665012+00:00">on 2005-12-16</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td colspan="2">Changed in launchpad: </td> </tr> <tr> <td style="text-align: right;"> <b>status</b>: </td> <td> New → Accepted </td> </tr> </table> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/3" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~kiko" class="sprite person">Christian Reis (kiko)</a> wrote <time itemprop="commentTime" datetime="2007-01-25T21:01:40.630046+00:00" title="2007-01-25 21:01:40 UTC">on 2007-01-25</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/3"> #3</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>Won't this be seriously inconvenient for security personnel?</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">Won't this be seriously inconvenient for security personnel?</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/4" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~kees" class="sprite person">Kees Cook (kees)</a> wrote <time itemprop="commentTime" datetime="2007-01-25T22:38:43.123766+00:00" title="2007-01-25 22:38:43 UTC">on 2007-01-25</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/4"> #4</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>I wouldn't mind emails getting encrypted.</p> <p>As for the other option, it would be a minor inconvenience to have no contents at all, as the majority of the security bugs are not marked private. Since I already use LP to do the security bug reviews (email notifications tend to just be a "reminder" to go check the bug lists), it wouldn't be too bad for me. (As long as there's still a bug URL in the email, I'm happy.)</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">I wouldn't mind emails getting encrypted. As for the other option, it would be a minor inconvenience to have no contents at all, as the majority of the security bugs are not marked private. Since I already use LP to do the security bug reviews (email notifications tend to just be a "reminder" to go check the bug lists), it wouldn't be too bad for me. (As long as there's still a bug URL in the email, I'm happy.)</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/5" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~soren" class="sprite person">Soren Hansen (soren)</a> wrote <time itemprop="commentTime" datetime="2007-08-01T13:31:42.839559+00:00" title="2007-08-01 13:31:42 UTC">on 2007-08-01</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/5"> #5</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>How about this:</p> <p>If a bug is not private, do what we've always done.</p> <p>If a bug is private, and the user has accepted to get encrypted e-mail, encrypt it. If he hasn't accepted to receive encrypted mail, send only the status change stuff (and perhaps a notification of new comments). The footer should contain a link to the place where you change your "accept encrypted e-mail" setting.</p> <p>When implementing this, it might make sense to go through all the bug mail that malone has received, find the GPG signed e-mails and set "accept encrypted e-mail" for the senders to "on" as they clearly have used gpg before and are likely to be able to use it. Also, when a user sends his first gpg signed e-mail to malone, this setting should be set to "on".</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">How about this: If a bug is not private, do what we've always done. If a bug is private, and the user has accepted to get encrypted e-mail, encrypt it. If he hasn't accepted to receive encrypted mail, send only the status change stuff (and perhaps a notification of new comments). The footer should contain a link to the place where you change your "accept encrypted e-mail" setting. When implementing this, it might make sense to go through all the bug mail that malone has received, find the GPG signed e-mails and set "accept encrypted e-mail" for the senders to "on" as they clearly have used gpg before and are likely to be able to use it. Also, when a user sends his first gpg signed e-mail to malone, this setting should be set to "on".</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/6" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~jbailey" class="sprite person">Jeff Bailey (jbailey)</a> wrote <time itemprop="commentTime" datetime="2007-08-01T17:12:02.205454+00:00" title="2007-08-01 17:12:02 UTC">on 2007-08-01</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/6"> #6</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>Soren,</p> <p>I'd say status change, plus URL to get to the message. After that, it looks good to me.</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">Soren, I'd say status change, plus URL to get to the message. After that, it looks good to me. </textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~gmb" class="sprite person">Graham Binns (gmb)</a> <time title="2010-06-04 09:03:04 UTC" datetime="2010-06-04T09:03:04.180547+00:00">on 2010-06-04</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td style="text-align: right;"> <b>tags</b>: </td> <td> added: story-better-bug-notification </td> </tr> </table> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~gmb" class="sprite person">Graham Binns (gmb)</a> <time title="2010-08-11 09:53:16 UTC" datetime="2010-08-11T09:53:16.043094+00:00">on 2010-08-11</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td style="text-align: right;"> <b>tags</b>: </td> <td> added: story-better-notification-sending </td> </tr> </table> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~lifeless" class="sprite person">Robert Collins (lifeless)</a> <time title="2011-01-16 23:21:02 UTC" datetime="2011-01-16T23:21:02.144205+00:00">on 2011-01-16</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td colspan="2">Changed in launchpad: </td> </tr> <tr> <td style="text-align: right;"> <b>importance</b>: </td> <td> Medium → High </td> </tr> </table> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~gary" class="sprite person">Gary Poster (gary)</a> <time title="2011-01-21 20:30:46 UTC" datetime="2011-01-21T20:30:46.005872+00:00">on 2011-01-21</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td style="text-align: right;"> <b>tags</b>: </td> <td> removed: story-better-bug-notification </td> </tr> </table> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~sinzui" class="sprite person">Curtis Hovey (sinzui)</a> <time title="2011-10-22 13:58:03 UTC" datetime="2011-10-22T13:58:03.776927+00:00">on 2011-10-22</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td style="text-align: right;"> <b>tags</b>: </td> <td> added: feature privacy<br />removed: lp-bugs story-better-notification-sending </td> </tr> <tr> <td colspan="2">Changed in launchpad: </td> </tr> <tr> <td style="text-align: right;"> <b>importance</b>: </td> <td> High → Low </td> </tr> </table> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/7" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~lifeless" class="sprite person">Robert Collins (lifeless)</a> wrote <time itemprop="commentTime" datetime="2011-10-23T20:54:27.342260+00:00" title="2011-10-23 20:54:27 UTC">on 2011-10-23</time><span class="editable-message-last-edit-date">: </span> <a href="/launchpad/+bug/3165/comments/7"> <strong>Re: Launchpad sends (unencrypted) mail notifications about private bug reports</strong> </a> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/7"> #7</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>I'm putting this back to high, because our notifications really make a bit of a mockery of our ssl-only approach.</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">I'm putting this back to high, because our notifications really make a bit of a mockery of our ssl-only approach.</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td colspan="2">Changed in launchpad: </td> </tr> <tr> <td style="text-align: right;"> <b>importance</b>: </td> <td> Low → High </td> </tr> </table> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/8" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~sinzui" class="sprite person">Curtis Hovey (sinzui)</a> wrote <time itemprop="commentTime" datetime="2011-10-24T13:40:44.272615+00:00" title="2011-10-24 13:40:44 UTC">on 2011-10-24</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/8"> #8</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>good luck implementing this in the next two years</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">good luck implementing this in the next two years</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/9" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~mbp" class="sprite person">Martin Pool (mbp)</a> wrote <time itemprop="commentTime" datetime="2011-10-25T06:57:39+00:00" title="2011-10-25 06:57:39 UTC">on 2011-10-25</time><span class="editable-message-last-edit-date">: </span> <a href="/launchpad/+bug/3165/comments/9"> <strong>Re: [Bug 3165] Re: Launchpad sends (unencrypted) mail notifications about private bug reports</strong> </a> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/9"> #9</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>Turning on voluntary SMTP TLS on outgoing mail (from eg fiordland)<br /> would get close to the security properties of https, with no code<br /> changes and no user disruption. Like for https, this would protect<br /> the data in transit, and it is fairly plausible (though not<br /> guaranteed) that users have a secure path between their MUA and MX,<br /> and that their MUA is as secure as their browser.</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">Turning on voluntary SMTP TLS on outgoing mail (from eg fiordland) would get close to the security properties of https, with no code changes and no user disruption. Like for https, this would protect the data in transit, and it is fairly plausible (though not guaranteed) that users have a secure path between their MUA and MX, and that their MUA is as secure as their browser. </textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~lifeless" class="sprite person">Robert Collins (lifeless)</a> <time title="2011-12-12 23:04:45 UTC" datetime="2011-12-12T23:04:45.839072+00:00">on 2011-12-12</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td style="text-align: right;"> <b>summary</b>: </td> <td> - Launchpad sends (unencrypted) mail notifications about private bug<br />- reports<br />+ Launchpad sends (unencrypted) mail notifications about private assets </td> </tr> </table> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~lifeless" class="sprite person">Robert Collins (lifeless)</a> <time title="2011-12-12 23:13:30 UTC" datetime="2011-12-12T23:13:30.945565+00:00">on 2011-12-12</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td style="text-align: right;"> <b>description</b>: </td> <td> updated </td> </tr> </table> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/10" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~mbp" class="sprite person">Martin Pool (mbp)</a> wrote <time itemprop="commentTime" datetime="2011-12-14T06:35:45+00:00" title="2011-12-14 06:35:45 UTC">on 2011-12-14</time><span class="editable-message-last-edit-date">: </span> <a href="/launchpad/+bug/3165/comments/10"> <strong>Re: [Bug 3165] Re: Launchpad sends (unencrypted) mail notifications about private assets</strong> </a> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/10"> #10</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>fwiw I think there is an existing, very old rt, for doing this.</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">fwiw I think there is an existing, very old rt, for doing this. </textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/11" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~lifeless" class="sprite person">Robert Collins (lifeless)</a> wrote <time itemprop="commentTime" datetime="2011-12-31T19:56:22.971293+00:00" title="2011-12-31 19:56:22 UTC">on 2011-12-31</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/11"> #11</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>Stakeholders would like this addressed in some fashion; optimistic TLS as a requirement is probably a decent approach - and route all non-optimistic-TLS mails tagged for private objects to a blackhole that logs the fact and swallows the mail.</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">Stakeholders would like this addressed in some fashion; optimistic TLS as a requirement is probably a decent approach - and route all non-optimistic-TLS mails tagged for private objects to a blackhole that logs the fact and swallows the mail.</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div class="boardComment"> <div class="boardCommentDetails"> <a href="https://launchpad.net/~lifeless" class="sprite person">Robert Collins (lifeless)</a> <time title="2011-12-31 20:05:50 UTC" datetime="2011-12-31T20:05:50.899803+00:00">on 2011-12-31</time> </div> <div class="boardCommentActivity"> <table class="bug-activity"> <tr> <td style="text-align: right;"> <b>tags</b>: </td> <td> added: notifications </td> </tr> </table> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/12" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~johnross-johnross" class="sprite person">John Ross (johnross-johnross)</a> wrote <time itemprop="commentTime" datetime="2014-10-22T22:32:19.132765+00:00" title="2014-10-22 22:32:19 UTC">on 2014-10-22</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/12"> #12</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>I was just made aware of this bug report after mine was marked as a duplicate. I'm absolutely astounded that this has been known since 2005 and yet nothing has changed!</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">I was just made aware of this bug report after mine was marked as a duplicate. I'm absolutely astounded that this has been known since 2005 and yet nothing has changed! </textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/UserComments" class="boardComment editable-message " data-baseurl="/launchpad/+bug/3165/comments/14" data-i-can-edit="False"> <div class="boardCommentDetails"> <div class="message-revision-container"> <div class="message-revision-container-header"> <span>Revision history for this message</span> <img src="/+icing/build/overlay/assets/skins/sam/images/close.gif" class="message-revision-close" /> </div> <script type="text/template"> <div class='message-revision-item'> <div class='message-revision-title'> <a class="sprite remove action-icon message-revision-del-btn"> Remove </a> <a class="js-action"> Revision #{revision}, created at {date_created_display} </a> </div> <div class='message-revision-body'>{content}</div> </div> </script> <div class="message-revision-list"></div> </div> <table> <tbody> <tr> <td> <a href="https://launchpad.net/~xnox" class="sprite person">Dimitri John Ledkov (xnox)</a> wrote <time itemprop="commentTime" datetime="2019-09-16T13:03:06.687133+00:00" title="2019-09-16 13:03:06 UTC">on 2019-09-16</time><span class="editable-message-last-edit-date">: </span> </td> <td> </td> <td> </td> <td class="bug-comment-index"> <a itemprop="url" href="/launchpad/+bug/3165/comments/14"> #14</a> </td> </tr> </tbody> </table> </div> <div class="boardCommentBody"> <div class="editable-message-body"> <div class="comment-text editable-message-text" itemprop="commentText"><p>For example, It would be nice to have a toggle on account level to not mail out notifications about private things ever.</p> <p>Or, for example, make a secure notification with a generic text and obfuscated authenticated url which will redirect to the whatever the notification is (i.e. build failure, bug report, merge proposal, etc). Apparently some banks in US do "secure mail" this way, to enforce TLS+http retrieval of notifications.</p></div> </div> <div class="editable-message-form" style="display: none"> <textarea style="width: 100%" rows="10">For example, It would be nice to have a toggle on account level to not mail out notifications about private things ever. Or, for example, make a secure notification with a generic text and obfuscated authenticated url which will redirect to the whatever the notification is (i.e. build failure, bug report, merge proposal, etc). Apparently some banks in US do "secure mail" this way, to enforce TLS+http retrieval of notifications.</textarea> <input type="button" value="Update" class="editable-message-update-btn" /> <input type="button" value="Cancel" class="editable-message-cancel-btn" /> </div> </div> </div> <div style="float: right;"> <a class="menu-link-activitylog" href="https://bugs.launchpad.net/launchpad/+bug/3165/+activity">See full activity log</a> </div> <div class="clearfix"></div> <div align="center" id="add-comment-login-first"> To post a comment you must <a href="+login?comments=all">log in</a>. </div> </div> </div> <div> <div id="duplicate-form-container"></div> <div id="privacy-form-container"></div> </div> </div> </div> </div> <div id="side-portlets" class="yui-b side"> <div id="involvement" class="portlet"> <ul class="involvement"> <li class="single"> <a class="sprite bugs" href="/launchpad/+filebug"> Report a bug </a> </li> </ul> </div> <div id="privacy" class="first portlet public"> <div id="privacy-text"> <span id="information-type-summary" class="sprite public">This report contains <strong id="information-type">Public Security</strong> information </span>  <div id="information-type-description" style="padding-top: 5px">Everyone can see this security related information. </div> </div> </div> <div id="portlet-actions" class="portlet vertical"> <ul id="duplicate-actions"> </ul> <ul id="lock-status-actions"> </ul> </div> <div class="portlet" id="portlet-duplicates"> <h2>Duplicates of this bug</h2> <ul> <li> <a class="sprite bug" href="https://bugs.launchpad.net/launchpad/+bug/129690" title="Private/security bug mail should be encrypted"> Bug #129690</a> </li> <li> <a class="sprite bug" href="https://bugs.launchpad.net/launchpad/+bug/1352625" title="Launchpad private security bug report trasmitted in open e-mail"> Bug #1352625</a> </li> <li> <a class="sprite bug" href="https://bugs.launchpad.net/launchpad/+bug/1545503" title="Launchpad should encrypt all mails for security bugs"> Bug #1545503</a> </li> </ul> </div> <div class="portlet vertical" id="portlet-subscription"> <div class="section"> <div id="current_user_subscription" class="False"> <span>You are</span> <a class="menu-link-subscription sprite modify edit" href="/launchpad/+bug/3165/+subscribe"> not directly subscribed to this bug's notifications. </a> </div> <div id="sub-unsub-spinner">Subscribing...</div> <ul> <li><a class="menu-link-editsubscriptions sprite modify edit" href="https://bugs.launchpad.net/launchpad/+bug/3165/+subscriptions" title="View and change your subscriptions to this bug">Edit bug mail</a></li> </ul> </div> <script type="text/javascript"> LPJS.use('io-base', 'node', 'lp.bugs.bugtask_index.portlets.subscription', function(Y) { Y.on('domready', function() { Y.lp.bugs.bugtask_index.portlets.subscription.initialize(); }); }); </script> </div> <div class="portlet vertical" id="portlet-subscribers"> <h2>Other bug subscribers</h2> <div> <div><a class="menu-link-addsubscriber sprite add" href="https://bugs.launchpad.net/launchpad/+bug/3165/+addsubscriber" title="Launchpad will email that person whenever this bugs changes">Subscribe someone else</a></div> </div> <div id="other-bug-subscribers"></div> </div> <div class="portlet" id="portlet-watches"> <h2>Remote bug watches</h2> <ul> </ul> <p>Bug watches keep track of this bug in other bug trackers.</p> </div> </div> </div> <div id="footer" class="footer"> <div class="lp-arcana"> <div class="lp-branding"> <a href="https://launchpad.net/"><img src="/@@/launchpad-footer-logo.svg" alt="Launchpad" width="65" height="18" /></a>  •  <a href="https://launchpad.net/+tour">Take the tour</a>  •  <a href="https://help.launchpad.net/">Read the guide</a>   <form id="globalsearch" method="get" accept-charset="UTF-8" action="https://launchpad.net/+search"> <input type="search" id="search-text" name="field.text" /> <input type="image" src="/@@/search" style="vertical-align:5%" alt="Search Launchpad" /> </form> </div> </div> <div class="colophon"> © 2004 <a href="http://canonical.com/">Canonical Ltd.</a>  •  <a href="https://launchpad.net/legal">Terms of use</a>  •  <a href="https://www.ubuntu.com/legal/dataprivacy">Data privacy</a>  •  <a href="/feedback">Contact Launchpad Support</a>  •  <a href="http://blog.launchpad.net/">Blog</a>  •  <a href="https://canonical.com/careers">Careers</a>  •  <a href="https://ubuntu.social/@launchpadstatus">System status</a> <span id="lp-version">  •  78860d9 (<a href="https://dev.launchpad.net/">Get the code!</a>) </span> </div> </div> </div> <script id="json-cache-script">LP.cache = {"related_features": {}, "bug": {"self_link": "https://bugs.launchpad.net/api/devel/bugs/3165", "web_link": "https://bugs.launchpad.net/bugs/3165", "resource_type_link": "https://bugs.launchpad.net/api/devel/#bug", "id": 3165, "private": false, "information_type": "Public Security", "name": null, "title": "Launchpad sends (unencrypted) mail notifications about private assets", "description": "Symptoms\n========\n\nLaunchpad sends notifications to changes on private objects via regular email.\n\nThis is not secured and could disclose private information if the mail is intercepted.\n\nUsers cannot readily reason about the chance of disclosure when entering private or proprietary data in to LP.\n\nAnalysis\n========\n\nSome of our users will want to run the risk of disclosure as they have folk they work with who have very limited internet facilities - doing 'object X has changed click here to see the change' style notifications would likely just frustrate them.\n\nOther users have very high confidentiality concerns and may want to prevent all unsecured mail being sent.\n\nWe have one low hanging fruit we could apply: opportunistic TLS on the outbound mail path.\n\nFailing that we probably need to do some stakeholder research to get a full handle on the expectations, and to assess the risks they face.", "owner_link": "https://bugs.launchpad.net/api/devel/~jbailey", "bug_tasks_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/bug_tasks", "duplicate_of_link": null, "date_created": "2005-10-14T19:03:33.381842+00:00", "activity_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/activity", "subscriptions_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/subscriptions", "date_last_updated": "2019-09-16T13:03:07.201886+00:00", "who_made_private_link": null, "date_made_private": null, "heat": 314, "bug_watches_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/bug_watches", "cves_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/cves", "vulnerabilities_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/vulnerabilities", "duplicates_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/duplicates", "attachments_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/attachments", "security_related": true, "latest_patch_uploaded": null, "tags": ["email", "feature", "notifications", "privacy"], "date_last_message": "2019-09-16T13:03:06.687133+00:00", "number_of_duplicates": 3, "message_count": 15, "users_affected_count": 5, "users_unaffected_count": 0, "users_affected_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/users_affected", "users_unaffected_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/users_unaffected", "users_affected_count_with_dupes": 6, "other_users_affected_count_with_dupes": 6, "users_affected_with_dupes_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/users_affected_with_dupes", "messages_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/messages", "lock_status": "Unlocked", "lock_reason": null, "linked_branches_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/linked_branches", "linked_merge_proposals_collection_link": "https://bugs.launchpad.net/api/devel/bugs/3165/linked_merge_proposals", "http_etag": "\"826e5de45b8b22050f93c884de71763b8e75ca66-cb545f282e7cc1bad410d64187f1413b8bf81eb5\""}, "subscribers_portlet_url_data": {"web_link": "https://bugs.launchpad.net/bugs/3165", "self_link": "https://bugs.launchpad.net/api/devel/bugs/3165"}, "total_comments_and_activity": 34, "initial_comment_batch_offset": 41, "first visible_recent_comment": -26, "bugtask_data": {"3318": {"id": 3318, "row_id": "tasksummary3318", "form_row_id": "task3318", "bugtask_path": "/launchpad/+bug/3165", "prefix": "launchpad", "targetname": "Launchpad itself", "bug_title": "Launchpad sends (unencrypted) mail notifications about private assets", "assignee_value": null, "assignee_is_team": null, "assignee_vocabulary": "AllUserTeamsParticipation", "assignee_vocabulary_filters": [], "hide_assignee_team_selection": true, "user_can_unassign": false, "user_can_delete": false, "delete_link": "https://bugs.launchpad.net/launchpad/+bug/3165/+delete", "target_is_product": true, "status_widget_items": [{"name": "Triaged", "value": "Triaged", "description": "Verified by the bug supervisor.\n", "description_css_class": "choice-description", "style": "", "help": "", "disabled": false, "css_class": "statusTRIAGED"}], "status_value": "Triaged", "importance_widget_items": "[]", "importance_value": "High", "milestone_widget_items": "[]", "milestone_value": null, "user_can_edit_assignee": false, "user_can_edit_milestone": false, "user_can_edit_status": false, "user_can_edit_importance": false}}, "information_type_data": {"PUBLIC": {"value": "PUBLIC", "description": "Everyone can see this information.\n", "name": "Public", "order": 0, "is_private": false, "description_css_class": "choice-description"}, "PUBLICSECURITY": {"value": "PUBLICSECURITY", "description": "Everyone can see this security related information.\n", "name": "Public Security", "order": 1, "is_private": false, "description_css_class": "choice-description"}, "PRIVATESECURITY": {"value": "PRIVATESECURITY", "description": "Only the security group can see this information.\n ", "name": "Private Security", "order": 2, "is_private": true, "description_css_class": "choice-description"}, "USERDATA": {"value": "USERDATA", "description": "Only shared with users permitted to see private user information.\n", "name": "Private", "order": 3, "is_private": true, "description_css_class": "choice-description"}}, "bug_is_private": false, "context": {"self_link": "https://bugs.launchpad.net/api/devel/launchpad/+bug/3165", "web_link": "https://bugs.launchpad.net/launchpad/+bug/3165", "resource_type_link": "https://bugs.launchpad.net/api/devel/#bug_task", "bug_link": "https://bugs.launchpad.net/api/devel/bugs/3165", "milestone_link": null, "status": "Triaged", "status_explanation": null, "importance": "High", "importance_explanation": null, "assignee_link": null, "bug_target_display_name": "Launchpad itself", "bug_target_name": "launchpad", "bug_watch_link": null, "date_assigned": "2005-10-14T19:03:33.381842+00:00", "date_created": "2005-10-14T19:03:33.381842+00:00", "date_confirmed": null, "date_incomplete": null, "date_in_progress": null, "date_closed": null, "date_left_new": null, "date_triaged": null, "date_fix_committed": null, "date_fix_released": null, "date_left_closed": null, "owner_link": "https://bugs.launchpad.net/api/devel/~jbailey", "target_link": "https://bugs.launchpad.net/api/devel/launchpad", "title": "Bug #3165 in Launchpad itself: \"Launchpad sends (unencrypted) mail notifications about private assets\"", "related_tasks_collection_link": "https://bugs.launchpad.net/api/devel/launchpad/+bug/3165/related_tasks", "is_complete": false, "http_etag": "\"85163c18d86fab7142e4833e4eb2f40f87339b9b-059ffb7c3eef63e3c6291f0b48f217e68c11f8a1\""}};</script> </body>  </html>

CINXE.COM

Bug #3165 “Launchpad sends (unencrypted) mail notifications abou...” : Bugs : Launchpad itself