On Tue, 2007-04-24 at 14:40 +0200, Loïc Minier wrote:
> On Tue, Apr 24, 2007, Josselin Mouette wrote:
> > Apport sends complete core dumps, which is a very bad idea. The dumps
> > can be huge (for desktop applications they often grow beyond 200MB) and
> > they can contain gazillions of sensitive information.
> 
>  But Apport is written already, and it's also the path that Windows
>  crash report and Mozilla's talkback tools have taken; these
>  corporations might not represent our ideals, but they present examples
>  of deployed and working solutions.
> 
>  I don't think it's still 200 MB compressed, but some input from Ubuntu
>  folks could help.

apport can send mini core dumps, and will offer to do so if the coredump
is very large. 

> > Using a central server for symbol lookup like Ben proposed looks like a
> > better idea. It needs gdb to be adapted or wrapped to access them
> > correctly, though.
> 
>  Yes, it sounds like a good idea; I suppose it might offer less
>  possibilities, but a good stack trace is often good enough.  However
>  modifying gdb sounds like a lot of hard work.  I don't know how Apport
>  works on the server side, but if this part of Apport could be made to
>  run on the client and to fetch the relevant files, this might have all
>  advantages of not sending the sensitive core dumps, not uploading too
>  much data, and being available without too much development.

This would be nice too - I would certainly like to be able to say to
apport 'please retrace on my machine now without uploading' for
applications that have been exposed to my password.

Rob
-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to