** Branch linked: lp:~ubuntu-core-dev/ubuntu/bionic/apport/ubuntu

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.

  apport is leaking environment variables  (including passwords!) to
  public bug reports

Status in apport package in Ubuntu:
  In Progress

Bug description:
  See the bug report 
  created with ubuntu-bug.

  Apport includes the file JournalErrors.txt
  This file includes e.g. the following line.
  Dez 16 19:11:31 hostname /usr/lib/gdm3/gdm-x-session[9679]: 
dbus-update-activation-environment: setting 

  Normally it would be not problem that gdm-x-session write this to the 
journal, because the journal is not intended to be published on the internet. 

  Setting confidential informations via environment is maybe not the
  best idea, but a legal procedure and for `mpc` the only way to set
  this information.

  IMHO the apport utility is here the problem, because it includes the
  file with risky information to a public visible bug report.

  Note: I manually delete the attachment in the mentioned bug report. But how 
can I sure that a web crawlser hasn't read/preserved that attachment?

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to