Comment 8 for bug 107103

Martin Pitt (pitti) wrote : Re: [Bug 107103] Re: should try to sanitize passwords from attachments

Brian J. Murrell [2008-10-23 18:17 -0000]:
> So knowing the package versions, distro release version

That's of course important supplementary data, but on its own it is
worthless to describe the problem, yes.

> and having stack traces

Stack traces can already contain pretty much anything, passwords, PIN
numbers, secret project names, etc. passed around as function
arguments or local variables. And in most cases, we even need more
than that, the full core dump, to get a fully symbolic stack trace.

It is computationally infeasible to weed out stuff which is
potentially sensitive.

> TBH, I think Canonical are falling short of full disclosure in not
> being more clear to users that they are likely sending account
> information in their apport reports. Things that crash a lot like
> firefox and evolution are rife with accounts and passwords.

Right, that's why the user can inspect the report initially, it
says "If you were not doing anything private", we don't mark bugs
as public, and we disable apport in stable releases.