[Labs-l] [Labs-announce] [notice] DB replicas user_properties view redaction

[Marc-Andre]

On 2016-11-29 02:09 PM, Jonathan Morgan wrote:
> Out of curiosity (not snark), who has final say on these matters: 
> Security, or Legal? 

Nowadays, probably security (although I suppose Legal will always have a 
final veto for - well - legal reasons).  At the time, Legal was handling 
it because the privacy policy is their domain, and there wasn't much of 
"Security" to speak of beyond individual stakeholders.

My concern isn't that security shouldn't have the say so much as the 
fact that I'm a little surprised that an informed decision from legal 
ends up being reversed 180° without any apparent reference to that prior 
discussion.  I'm all for revisiting decisions when it makes sense to do 
so; but revisiting a decision requires actually /revisiting/ the 
decision - not ignoring prior context as though the current setup was 
pulled out of thin air.

And - for the record - I've no fondness for making user properties 
available as they were.  It's not an accident that I directed the 
question at Legal at the time: while there was a reasonable user request 
for them, it was clear from the outset there was a privacy aspect that 
needed to be addressed.

-- Coren / Marc