On Thu, 2008-10-23 at 17:59 +0000, Martin Pitt wrote: > > How should it? There isn't a single place which holds/knows all your > passwords, secret projects, personal data, and other sensitive stuff, > except maybe your brain.
Sure. The keyring potentially has a wealth of them, yes. Perhaps apport can keep a list (that you supply to it). And scrubbing some is better than scrubbing none. > Then such bug reports would loose everything _Everything_? > that a developer needs to > actually look into the problem. We could basically just say "program foo > has crashed". So knowing the package versions, distro release version and having stack traces, etc. is of absolutely no more value than me just saying "program foo has crashed"? I don't think I believe that. As it is currently, I (and I'm sure anyone else who realizes as much as I do about what they are sending in CrashDump attachments) just don't send apport reports because of the leak rather than sending 90% of the information doesn't contain sensitive information. TBH, I think Canonical are falling short of full disclosure in not being more clear to users that they are likely sending account information in their apport reports. Things that crash a lot like firefox and evolution are rife with accounts and passwords. b. -- should try to sanitize passwords from attachments https://bugs.launchpad.net/bugs/107103 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
