Launchpad itself

Why do OP's have the power to unsubscribe others?

Asked by Eliah Kagan

[This is similar to https://answers.launchpad.net/launchpad/+question/175464 / bug 880960, but it is a different matter with possibly different issues associated with it, so I'm posting a new question, and I'll file a separate bug if discussion here makes that seem like a good idea.]

I have noticed that I have the power to unsubscribe anyone from a question that I have myself created, even if they were self-subscribed rather than having been subscribed by me (and even if I am not an answer contact for the relevant project or distribution or package). What purpose is served by OP's (original posters) of questions having this power? This seems like more of a bug because it is unnecessary than because of negative consequences, but I can think of some likely practical negative consequences of this ability:

(1) Inexperienced users might accidentally unsubscribe others.

(2) Users might unsubscribe spammers and assume that solved the problem, instead of reporting the spam.

(3) Spammers or spam-bots might unsubscribe another user who report their spam from all questions of which they are the OP and to which the other user is subscribed, to prevent their future spam from being detected and reported efficiently.

(4) Users might create questions for the purpose of having OP status and enforcing an opinion, unsubscribing users who post things they don't like to prevent them from knowing what is being said (or what is being said about them). This might arguably be good in the special case of reporting spam by other users, but the vast majority of questions on Launchpad are not spam reports.

Some of these problems, or similar ones, might arise separately from other powers that exist on Launchpad too, such as the ability of users to unsubscribe other users who they subscribed to a question, or the ability of answer contacts to mark questions Invalid. But those powers (at least the latter one) also seem to have overriding benefits. Are there benefits of allowing OP's to unsubscribe anyone that outweigh these disadvantages?

Question information

Language:
English Edit question
Status:
Solved
For:
Launchpad itself Edit question
Assignee:
No assignee Edit question
Solved by:
Jeroen T. Vermeulen
Solved:
Last query:
Last reply:
Revision history for this message
Jeroen T. Vermeulen (jtv) said : 		#1

It could be just a consequence of the general privilege level the asker of a question has for that question. I don't think we've had any actual problems with this, since it's in the asker's interest to be sensible about the subscribers list.

But there may be another reason: privacy. I don't know off the top of my head if questions can be private (i.e. not publicly accessible), but I imagine for private projects they can be. If so, the asker should be able to unsubscribe people who are no longer trusted with new information pertaining to the question. In Launchpad, being subscribed to something generally conveys privileges to view it. So for instance, a question could go from public to private because the asker needs to provide sensitive information; they may need to restrict the subscribers list at that point.

Revision history for this message
Eliah Kagan (degeneracypressure) said : 		#2

"It could be just a consequence of the general privilege level the asker of a question has for that question."

What does that mean, exactly? The asker of a question cannot mark the question Invalid, as can an answer contact for the project, distribution, or package that the question is classified as being about. So the asker of a question has neither full nor maximal control over the question's state. If there is a "general privilege level" in which the creator of a question lies, the creator is the only class of user in that level, and then this question becomes about why that level is as it is.

"I don't know off the top of my head if questions can be private (i.e. not publicly accessible)"

A question cannot be private like a bug can. There is no per-question visibility.

"but I imagine for private projects they can be."

If a whole project is private, then the questions in it would probably be private too, in the sense that people not authorized to access the project would also not be authorized to access the questions.

"If so, the asker should be able to unsubscribe people who are no longer trusted with new information pertaining to the question."

But that wouldn't help, because there is no per-question visibility. Anyone who can access a question in a private project when subscribed to the question can also presumably access it when not subscribed to the question. I'd guess that a possible exception to this would be if that user had his/her access rescinded from the whole project. Then, depending on how Launchpad is designed, the user might or might not still have access to subscribed questions. But rescinding access by a user to the project can only be done by someone who has control over the project, and if such a user is involved, that project admin could also presumably unsubscribe the unwanted user from any or all questions in the project to which the user is subscribed.

Furthermore, only a small fraction of projects on Launchpad are private. At most, shouldn't the ability for creators of questions to unsubscribe anyone be a project-level setting, disabled by default?

Anyway, if it hasn't actually caused problems, then it doesn't need to be changed. But I would question how we would know that it hasn't caused problems. After all, when a user is unsubscribed from a question, they no longer receive notifications about changes to the question, and thus they would not know to complain if subsequent changes indicated that their unsubscription had been problematic.

Revision history for this message
Best Jeroen T. Vermeulen (jtv) said : 		#3

You've clearly looked into this in more detail than I have. I hope you'll understand. Since for now this is more a theoretical problem than a practical one, it wouldn't be fair for me to chase it down in detail while keeping several other people with immediate problems waiting. We don't have as much time for this stuff as we would like to.

Without saying that this is necessarily the answer to your question, I would like to reiterate that people can lose the memberships that entitle them to access. It makes security sense in such cases to allow selective revocation of privileges derived from any (but not necessarily all) subscriptions they might still have.

Revision history for this message
Eliah Kagan (degeneracypressure) said : 		#4

Thanks Jeroen T. Vermeulen, that solved my question.