New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Notification of upcoming Tip Expiry date #748
Comments
Same of #921, already requested by 2 adopters |
Requested also to be able to configure a secondary notification email for notification of upcoming expiry of new tip. |
@fpietrosanti what is the need for a secondary email? |
@evilaliv3 Because it may happen that the researcher, that's a receiver, is away from office for several weeks and in that case it's "team" need to handle the submissions, but those are not part of the receivers and are using temporarily the researcher's receiver account. In their workflow each research is always part of a "country team", but only 1 or 2 researcher of each team are part of the context receiving the leaks, so because they cooperate by using "group email / distribution lists", that's a way to integrate within the way they cooperate usually. |
mmm ok i understand the reasons but i've some doubts: if i'm not concerned with the security behavioure, i'm against a simple solution like the one you are following to not lose the accountability possibility offered by the platform that would be probably fundamental for setups like the ones of a PA. i think that the good direction would be to implement a more complete solution like the 1) tip invite we have already implemented 2) node invite or something like this eventually associated with the receiver. |
@evilaliv3 but that would not fix the issue, when the researcher is on holiday or in-country, he cannot invite anyone to work on the tip as a receiver, he only have his co-workers team that are backing him during a limited period of time |
i agree. but having such a feature and supporting by let say "default" a shared password behaviour makes accountability not possible.
sorry if i'm precise in stating this opinions but i think accountability and transparency to the wb as the core components we have and we need eventually to enforce, now to reduce. |
@evilaliv3 in that context of use the WB does not know if he's speaking with Joe or David, he's speaking with the "country team" of country-X of Amnesty, so i don't see any accountability issue? We're just adapting to the internal organizational need of amnesty, that already works that way with their own in-country sources. |
you are mixing two problems.
|
|
yep i agree with the lack of guarantee, but what i was saying is that i do not want to endorse such a shared usage with a feature of the application or i want to try to minimize the reductuion of the accountability. but from the PA point of view i'm satisfied if we introduce the feature with an enable/disable flag to be set by the admin and default disabled. |
@evilaliv3 i got your point, but i really do not see a reduction of accountability when the "receivers" are represented by an organization that's not publicly exposing the individual users. The whistleblower is always dealing with the "organization" and it's up to the organization to decide autonomously who, within the organization, will take care of which tip and when. In such context i really do not see any accountability issue |
I don't fully understand what the problem is. If the receiver is a shared account then the email will not be the personal email of one person, but it will also be a shared email. In which case why do you need a secondary email? If that is not the case and the account is the personal account of somebody, then we should not encourage it to be used by others. If you want your account to be shared by many people it should be a shared account and it will have a shared email. Am I missing something? |
@hellais I don't think that we are encouraging any specific behaviour, is just that if their country team is made up of 6 persons, only 1 usually work on the GL stuff, when that person is away from the office, they want the other people of the team to be able to get notified (on their group email account), so that some of the group (acting as a backup person) can log-in to the system. |
@fpietrosanti but then I don't understand why, for your usecase, they don't just setup the globaleaks account using the shared group email from the start? Why should there be two different emails associated to a globaleaks account? |
@hellais because only one person of the group use globaleaks in a normal condition, but what we trying to manage is when that person is away and another person from the group (nor before defined, that normally don't use globaleaks, that can change depending on the time/period) need to take care of the submissions. |
well, for sure, in the notification_sched has to be catch this event, reported in the "activities" and eventually via email #921 I guess is a sub-ticket of this one. |
I was checking the status of this issue, and is implemented, the Template are present, the email sent are these:
But the bug was preventing the triggering of the condition! Now I guess can be closed ? |
Is it configurable as described in the ticket? |
nope it's still not configurable, let's wait for that before closing the issue |
To make it configurable, has to be updated the DB, I'll create a dedicated branch called database-21 from which I start the new branches, covering some of the feature that require it. |
great! let's avoid working on the integration script. |
@evilaliv3 is this released? |
nope, it will be released by this week |
Is this finished? |
Yes, closing issue. |
It has been requested by a prospect adopter (amnesty international) to have a procedure to provide notification of upcoming expiration of Tip to receivers part of it.
The notification of tip expiration should be configurable from the receiver, both in term of enabling/disabling the feature, and in terms of timing remaining until expiration when they need to get notified.
That's specifically because some of the researcher are "in office" while some other are often travelling, so they may need very different configuration related to notification of upcoming tip expiry time.
The text was updated successfully, but these errors were encountered: