Comment 7 for bug 107103

Brian J. Murrell (brian-interlinx) wrote : Re: [Bug 107103] Re: should try to sanitize passwords from attachments

On Thu, 2008-10-23 at 17:59 +0000, Martin Pitt wrote:
>
> How should it? There isn't a single place which holds/knows all your
> passwords, secret projects, personal data, and other sensitive stuff,
> except maybe your brain.

Sure. The keyring potentially has a wealth of them, yes. Perhaps
apport can keep a list (that you supply to it). And scrubbing some is
better than scrubbing none.

> Then such bug reports would lose everything

_Everything_?

> that a developer needs to
> actually look into the problem. We could basically just say "program foo
> has crashed".

So knowing the package versions, distro release version and having stack
traces, etc. is of absolutely no more value than me just saying "program
foo has crashed"? I don't think I believe that.

As it is currently, I (and I'm sure anyone else who realizes as much as
I do about what they are sending in CrashDump attachments) just don't
send apport reports because of the leak rather than sending the 90% of the
information that doesn't contain sensitive information.

TBH, I think Canonical are falling short of full disclosure in not being
more clear to users that they are likely sending account information in
their apport reports. Things that crash a lot like firefox and
evolution are rife with accounts and passwords.

b.
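
The user-supplied scrub list suggested in the message above, sketched as an added example (not part of the original message and not apport's code). All function names, field names and sample values are hypothetical and constructed; it redacts each listed secret in its plain, percent-encoded and base64 forms and leaves the other report fields intact.

```python
import base64
import re
from urllib.parse import quote

REDACTED = "[scrubbed]"
MIN_LEN = 4  # shorter entries would shred unrelated text such as stack frames


def secret_variants(secret):
    """Forms one listed secret commonly takes inside a text attachment."""
    return {
        secret,
        quote(secret, safe=""),  # percent-encoded, as inside a URL
        # base64 of the secret alone; a secret embedded in a longer encoded
        # blob aligns differently and is NOT caught by this simple list
        base64.b64encode(secret.encode("utf-8")).decode("ascii"),
    }


def scrub(text, secrets):
    """Redact every listed secret and its variants; return (text, hit_count)."""
    variants = {v for s in secrets if len(s) >= MIN_LEN for v in secret_variants(s)}
    if not variants:
        return text, 0
    # Longest first so a longer variant is never split by a shorter one.
    ordered = sorted(variants, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(v) for v in ordered))
    return pattern.subn(REDACTED, text)


def sample_report(secret):
    """Constructed report text; field names and values are illustrative only."""
    pct = quote(secret, safe="")
    b64 = base64.b64encode(secret.encode("utf-8")).decode("ascii")
    return (
        "Package: foo 1.2-3\n"
        "DistroRelease: Example 8.10\n"
        f"ProcCmdline: foo --password '{secret}'\n"
        f"Stacktrace: #0 fetch (url=imap://user:{pct}@mail.example)\n"
        f"ConfigDump: saved_password={b64}\n"
    )


if __name__ == "__main__":
    cleaned, hits = scrub(sample_report("p@ss w0rd!"), ["p@ss w0rd!"])
    print(cleaned)
    print(f"{hits} occurrence(s) scrubbed")
```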