The information is sensitive and there should be better ways of checking for this type of info before sending it in.
Q: the proficiency and tenacity
A: Basically this person has to prove themselves to BugControl. This can't be assured.
Q: the trustworthy-ness of everyone who has access to private bugs
A: this can't be assured.
Q: the trustworthy-ness of the LP software to keep information in private bugs private
A: Can't find teh bug now, but launchpadlibrarian (holds all attachments) is wide open, even if the bug is private, all you need is the URL and you can access the attachment. You are basically counting on security through obscurity.
So you are completely right. I concur the fact that since security on this site and its groups is low, the user should be able to review ALL data that will be sent into launchpad.
The information is sensitive and there should be better ways of checking for this type of info before sending it in.
Q: the proficiency and tenacity
A: Basically this person has to prove themselves to BugControl. This can't be assured.
Q: the trustworthy-ness of everyone who has access to private bugs
A: this can't be assured.
Q: the trustworthy-ness of the LP software to keep information in private bugs private
A: Can't find teh bug now, but launchpadlibrarian (holds all attachments) is wide open, even if the bug is private, all you need is the URL and you can access the attachment. You are basically counting on security through obscurity.
So you are completely right. I concur the fact that since security on this site and its groups is low, the user should be able to review ALL data that will be sent into launchpad.