Elijah: > Stack traces can already potentially contain private info. The > current method is: > 1) Program crashes > 2) Bug-buddy is launched, gathers data, and notifies the user what happened > 3) Bug-buddy notifies the user that sensitive data may have been > collected and lets them know how to review it > 4) The user is allowed to type in additional information and send the > report, or abort. > > I don't see why the process should really change just because extra > information has been gathered besides a stack trace. (Especially > since bug buddy merely says "information about the crash has been > successfully collected...)
I worry because the ability for applications to collect "additional data" by running scripts defined in the application .desktop file opens the door to collecting just about any sort of data. Since it doesn't seem that there are any plans to oversee what sort of data collection might get added to .desktop files, some application maintainers might add inappropriate data collection to their programs. Let's say some program generates a log file, and because this log file is useful for debugging the maintainer specifies that the logfile should be added to the bug report when it is created. This sounds good, but what if there is some way that sensitive or private data can get into the log. Then when the program crashes, this sensitive data gets put in a public forum for all to see (if they know where to look). I would think most users would prefer that computers *not* forward data that could contain sensitive or private data to other machines by default. Maybe it's just me, but I prefer to be asked first. At the very least, I like to be able to turn off such features if I want. >> Even if we don't add pop-ups or configuration settings, how this works >> should at least be documented somewhere more formal than an email >> discussion on desktop-devel-list. > > In the user documentation of bug-buddy? It's also pretty clear from > just using it... Doesn't it get more complicated when arbitraty scripts can get executed as specified in the application desktop file? Does the current process of "just using it" explain that data is collected in this way? >> Yes, I just think there should be some mechanism to turn of bug >> reporting. > > It's already built-in to bug-buddy: you click "close" instead of > "send". Does that not do what you want? What if I never want bug-buddy to pop-up at all because I never want bug reports to be sent. Can I configure bug-buddy this way without uninstalling bug-buddy from my system? Or do I have to pick "close" every time a program crashes? Brian _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
