CMOC | Switch to confidential handovers by default
Problem Statement
It was brought up by @cleveland that there's a potential for accidentally leaking confidential information through CMOC handover issues if not enough care is taken, and it can be an easy mistake to make.
Proposal
Even though it's contrary to our values, should we make all CMOC handover issues confidential by default?
DRI
The Slack conversation for this will be purged soon, so it's included below.
Slack Discussion
Cleveland Bledsoe Jr Apr 29th at 3:28 PM I’m realizing that the CMOC Handover issues are not confidential by default. I almost disclosed information about REDACTED. While typically we link to the production issue (And the production issue is confidential), I sometimes include a summary. Is there any value to making this confidential by default, or should we just be more aware and mark each issues as confidential and perhaps just update our workflow?
Cleveland Bledsoe Jr 23 days ago cc @tristan if you have any thoughts
Jason Young 23 days ago I wrestled with this - and believe that I asked in one of my shifts in a similar vein I've taken to just linking without commentary if it's a confidential issue. I love that they are open, but I think we are unique among the handovers there.
Cleveland Bledsoe Jr 23 days ago Yeah I am checking to see if anyone accidentally spilled the beans, because I almost did. Such as mentioning a user that was causing problems, etc
Cleveland Bledsoe Jr 23 days ago For now, I think I am going to redact what I said and just keep it simple
Tristan Williams 23 days ago They’re mainly public by default to align with our values, and that’s the only reason why. But we could change that if it’s easier. It’s a similar situation to the internal-requests tracker that used to be public by default with the expectation that issues opened with private info would be marked confidential by the opener, but then we had to reverse that because too many issues weren’t marked confidential by accident.
Tristan Williams 23 days ago I don’t think I feel strongly about it either way, so maybe erring on the side of caution and making them confidential by default is safer.
Muhamed Huseinbašić 19 days ago We can update the template to make every new issue confidential if we go that way.
/cc @cleveland @jayo @mhuseinbasic since you were involved in the discussion.