It’s easy to implement “edit record” button, but it’s hard to make
things around this button.
Interesting. Has anyone created a contrib or other mod to allow for editing?
Consider situation: you add reply “it’ll cost you 1000$” with misstake
(there should be 10000$). you submit message, see error and this
button. What are you doing? Click and change? Can you? Would RT notify
about change? What would be in notification? Do you want to think
about notifications at all?
Now, you don’t need to think about all this. You just press reply
again and write something like “I’m terribly sorry, I’ve done
misstake. Price is 10000$.” No one automated diff algorithm generate
that for you.
Agreed, I think that since a reply went to the requetor, you dont need to think about it… you need to send another message referencing your mistake and provide a correct answer.
So what if we put the debate about change aside, and call it a ‘modify what you see’ thing… so instead of debating on wether or not the DB should be changed, we talk about wether or not there is a way to filter out parts of tix you dont want, or a way to minimize certain correspondance, or mark it “not interesting” or “filter me” so that when others go to view ticket, they see that there is some other content, but someone has already “Edited” it, or marked it as “not importiant, filter this out but still show that there is something behind me!”
duncanOn 1/3/06, Scott Courtney scott@4th.com wrote:
On Monday 02 January 2006 12:25, Duncan Shannon wrote:
Does the Average RT user need the system to have the same level of
integrity and inability to change info to the level of an accounting
system? I’d be suprosed if the integrity of the data was that
importiant to most of the RT crowd. Anyone?I use RT in a corporate setting and also in a nonprofit org setting. In
the former case, we care about the auditability internally. In the latter
case, not at all.I’m puzzled by the notion that disallowing even an RT sysadmin to delete
or alter content is perceived as somehow providing a level of legal
chain of evidence. All of RT’s data is stored in a relational database,
so anyone who has INSERT, DELETE, or UPDATE access on the tables can
already munge the data anyway they want. The source code and schema are
published information, so it’s not even security-through-obscurity. We
place trust in our sysadmins not to touch the data, but at many sites the RT
admin also has DBA privileges on the back-end database.IANAL, but I would be very surprised if RT’s lack of a “friendly” delete/
alter feature would make RT hold up in court as an unalterable audit trail.
All the opposing lawyer would have to do is point out how easily the data
could be modified in direct SQL, and that would finish that argument. Just
because it requires technical knowledge to alter the data doesn’t mean a
court would believe it to be impossible. You can still put the sysadmin on
the witness stand and ask, under oath, “Did you alter the data?” That tactic
doesn’t rely on RT somehow providing a false sense of non-alterability.The only really good mechanisms to achieve nonrepudiation of transactions rely
on public key cryptography to digitally sign the transaction. AFAIK, RT doesn’t
have that capability right now – and even if it did, the courts are still not
settled on just how heavily to weigh evidence that is digitally signed.My opinion, therefore, is that an option to alter or delete should be available
as a high-level privilege, by default available only to superusers but able
to be delegated to others like any other permission. If a site doesn’t want
people deleting things, then they should leave this permission available only
to the superuser and then not hand out the superuser privilege.For those subject to spammers creating tickets and userids in RT, the ability
to truly purge that junk rather than just making it invisible would be an
incredibly useful feature.Scott
–
Scott Courtney | “I don’t mind Microsoft making money. I mind them
scott@4th.com | having a bad operating system.” – Linus Torvalds
http://4th.com/ | (“The Rebel Code,” NY Times, 21 February 1999)
| PGP Public Key at http://4th.com/keys/scott.pubkey
Be sure to check out the RT Wiki at http://wiki.bestpractical.com
Download a free sample chapter of RT Essentials from O’Reilly Media at http://rtbook.bestpractical.com
WE’RE COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and
San Francisco - Find out more at http://bestpractical.com/services/training.html
Best regards, Ruslan.