Password logging aside, there's an open question about whether logging usernames is acceptable. I'd say it is, since usernames are generally actually webapps and thus are useful debugging information. Users are already prompted to see the report before sending it, and actively choose to send it. Dropping usernames would go in the direction of crippling useful reporting. Since users already choose to send reports, those bothered by this could just not send them.
Comments appreciated, but I'd look to the Ubuntu security team to make a final decision.
Password logging aside, there's an open question about whether logging usernames is acceptable. I'd say it is, since usernames are generally actually webapps and thus are useful debugging information. Users are already prompted to see the report before sending it, and actively choose to send it. Dropping usernames would go in the direction of crippling useful reporting. Since users already choose to send reports, those bothered by this could just not send them.
Comments appreciated, but I'd look to the Ubuntu security team to make a final decision.