Roundup Tracker - Issues

Issue 2551248

Consider adding purge function - delete info files/msgs (e.g. secrets/PII)
Type: rfe Severity: normal
Components: Web interface, Command-line interface Versions:
Status: new
: : rouilj
Priority: : Effort-Medium

Created on 2022-12-02 20:10 by rouilj, last changed 2022-12-02 20:10 by rouilj.

msg7691 Author: [hidden] (rouilj) Date: 2022-12-02 20:10
In the thread including
Thomas AH provides a use case where a message may have to be purged because
of sensitive info.

I suggested adding a purge action to the web interface and roundup-tracker.
Comment taken from email:

Have you thought about adding a "Purge File/Message" button on the
msgNN and fileNN pages that calls a purge action. The action does the
following (which I think touches all your points above):

   1. unlink file/message from all associated issues

   2. clean up purged item metadata:
       * for file:
            * set the filename to [purged by userNN on date]. This
              removes the need to remove (1) the journal entry on
              the issue(s). The filename info comes from the file
            * set contenttype to to text/plain
       * for msg:
            * maybe empty the recipients
       * for either maybe clear the date to 1970-01-01

   3. truncate file or use code from something like
      or an os.system or to
      shred(1) to overwrite data on disk file before truncation. (*)

   4. purge/clean up journal/history for the file/message. For
      messages this can probably be skipped. For files, you want to
      remove the journal entry that records the rename if it is
      sensitive data.

Note this process does leave the link/unlink history references in the
issue, but looking at them should show something like:

  date user ... files: - [purged by admin on 2021-12-21]

  date user ... files: + [purged by admin on 2021-12-21]

I don't consider that an issue.

There is an open issue

to enhance roundup-admin pack to include the ability to run

        pack 0d file200

to purge all journals on file200 starting now (0d) back to (but not
including) the original create. I think that would work for your use

Adding a 'purge' command for file based and user classes to
roundup-admin would be useful. With suitable checks (user verifies
filename, creating user at minimum) and warnings I think it would

Adding this as an action to the core accessible by admins, but not
exposed in the UI would be reasonable. The UI exposure would be part
of customizing the tracker.
Date User Action Args
2022-12-02 20:10:18rouiljcreate