From: Thomas A. H. <th...@in...> - 2022-12-02 06:42:18
Hi!

* Tom Ekberg <te...@uw...> [20221201 23:03]:
> It looks like user 33 unlinked message 1514. It looks like all
> this did was to remove it from the issue_messages table. Should
> roundup have 'retired' message 1514 too?

I consider the message removing mechanism in Roundup to be
technically correct, but in reality it is broken:

There is a "remove" button next to each message, which

- doesn't ask if the message should actually be removed, it just
  removes it from the issue without an easy way to undo mistakes.
  -> Risk of losing (easy access to) data

- doesn't actually remove the message, just unlinks it from the
  issue, so if a user posted information that shouldn't be visible
  in the tracker, it is still there, while the user might believe
  it has been deleted!
  -> Risk of sensitive information being stored in the tracker
     without the user realizing that it is still there

In our trackers we have removed the remove button, and users have to
contact an admin to edit or remove messages (or files), which also
includes shredding and truncating the actual file on disk, and in
case of attached files with a file name including sensitive
information (yes, people do that :-/) also editing the journal,
because otherwise the original file name is still visible.

Regards,
Thomas
--
Thomas Arendsen Hein <th...@in...> | https://intevation.de
Intevation GmbH, Osnabrueck, DE; Amtsgericht Osnabrueck, HRB 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter
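
An added example, not part of the original message and not Roundup's own code: an audit query that lists messages which are no longer linked to any issue but were never retired, which is the state the thread describes for message 1514. It runs against a constructed, simplified in-memory model; apart from the `issue_messages` table name mentioned in the thread, the table names, column names and sample rows are assumptions.

```python
import sqlite3

# Constructed, simplified model of a tracker database. Only the table name
# issue_messages comes from the thread; all other names are assumptions.
SCHEMA = """
CREATE TABLE msg (id INTEGER PRIMARY KEY, retired INTEGER NOT NULL DEFAULT 0);
CREATE TABLE issue_messages (nodeid INTEGER NOT NULL, linkid INTEGER NOT NULL);
"""

def build_sample_db():
    """Create an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Message 1515 is retired and unlinked; the others are linked to issue 42.
    db.executemany("INSERT INTO msg (id, retired) VALUES (?, ?)",
                   [(1513, 0), (1514, 0), (1515, 1), (1516, 0)])
    db.executemany("INSERT INTO issue_messages (nodeid, linkid) VALUES (?, ?)",
                   [(42, 1513), (42, 1514), (42, 1516)])
    return db

def unlink_message(db, issue_id, msg_id):
    """Model of the 'remove' button as described: delete the link row only."""
    db.execute("DELETE FROM issue_messages WHERE nodeid = ? AND linkid = ?",
               (issue_id, msg_id))

def orphaned_messages(db):
    """Return ids of messages that no issue links to and that are not retired.

    These rows are invisible in issue views but still stored, so an admin
    should review them for retirement or for removal of the stored content.
    """
    rows = db.execute("""
        SELECT m.id
        FROM msg AS m
        LEFT JOIN issue_messages AS im ON im.linkid = m.id
        WHERE im.linkid IS NULL AND m.retired = 0
        ORDER BY m.id""")
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = build_sample_db()
    print("orphaned before unlink:", orphaned_messages(db))
    unlink_message(db, 42, 1514)
    print("orphaned after unlink: ", orphaned_messages(db))
```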