Comment 4 for bug 179587

In general, in security design, it is a bad idea to leak information about why access is denied. James already gave an example of why this can be bad, even though it is inconvenient if you're on the other end of it.

We could do better in how we handle crash reports in Ubuntu given slightly better support in Launchpad, though, and I suspect crash reports are the main place where people encounter this problem in practice. We mark crash reports private by default because they might easily contain sensitive information; for instance, a Firefox crash dump could contain your credit card number, or an Evolution crash dump could contain the last private e-mail you were writing to your girlfriend. Ubuntu developers often mark crash reports as public once they've determined that they aren't sensitive, but this doesn't always happen for one reason or another (for one thing, if you can see private bugs, it's all too easy to forget that not everyone can!).

Of course, a full crash report database as part of Launchpad would clearly let us be more flexible. Even without that, though, what about the facility to have a public bug but with private attachments? That way, people could see the description of the bug of which their bug was made a duplicate and the discussion on it, including whether it was fixed, but just wouldn't be able to get the core dump.

There are probably cases that this wouldn't cope with and where we'd have to mark the bug truly private, but I think it's quite rare for us to need to discuss sensitive contents of a core dump in a bug report. In most cases I think this workaround would do the job.

(Disclaimer: I'm not a Launchpad developer and this is merely a suggestion.)