Brian J. Murrell [2008-10-23 18:17 -0000]: > So knowing the package versions, distro release version
That's of course important supplementary data, but on its own it is worthless to describe the problem, yes. > and having stack traces Stack traces can already contain pretty much anything, passwords, PIN numbers, secret project names, etc. passed around as function arguments or local variables. And in most cases, we even need more than that, the full core dump, to get a fully symbolic stack trace. It is computationally infeasible to weed out stuff which is potentially sensitive. > TBH, I think Canonical are falling short of full disclosure in not > being more clear to users that they are likely sending account > information in their apport reports. Things that crash a lot like > firefox and evolution are rife with accounts and passwords. Right, that's why the user can inspect the report initially, it says "If you were not doing anything private", we don't mark bugs as public, and we disable apport in stable releases. -- should try to sanitize passwords from attachments https://bugs.launchpad.net/bugs/107103 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
