Apport retracer removal of coredump attachments fails to protect privacy
Bug #385400 reported by Max Bowsher
This bug report is a duplicate of:
Bug #106162: actions performed shortly before duplicate marking are notified to subscribers of the primary bug.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Apport | New | Undecided | Unassigned |
Launchpad itself | Incomplete | Undecided | Unassigned |
Bug Description
The apport retracer currently removes CoreDump.gz attachments and then marks bugs as public, with the aim of keeping coredumps private.
This scheme is flawed. It is trivially easy to get a Librarian URL to removed attachments by viewing a bug's "Activity log" page. The Librarian URLs are also exposed in bugmail when apport performs a "remove coredump and mark as duplicate" operation.
Well, bugs are not marked as public, but the Ubuntu bug triaging team gets subscribed. Also, on failed retraces the core dump stays around anyway.
But still this is an issue, of course. Launchpad devs, is there any possibility to improve this? Such as, not exposing the librarian URLs for deleted attachments?