touch-packages team mailing list archive

Thread
Date

[Bug 1255165] Re: make it clearer that crash files may contain private data and make it easier to opt out

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Adolfo Jayme <fitoschido@xxxxxxxxx>
Date: Sun, 14 Sep 2014 01:11:39 -0000
Reply-to: Bug 1255165 <1255165@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: whoopsie (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1255165

Title:
  make it clearer that crash files may contain private data and make it
  easier to opt out

Status in “whoopsie” package in Ubuntu:
  Confirmed

Bug description:
  As far as I understand the whoopsie error report procedure, the coredump will be sent to ubuntu servers if daisy.ubuntu.com requests this after the initial report upload.
  However, I consider uploading a coredump across the network (although its https) to be a secuity risk. For instance gtk applications contain a lot of private information in their coredump such as last opened filenames. The coredump is used to extract additional information which may help to fix the bug, which is fine but any information should be extracted from the core *locally* (i.e. on the machine, where the crash happened) instead of extracting them on ubuntu servers. The text of the error upload dialog states something like "do you want to help fixing the problem?" which indicates to me that sending the error is something positive. I haven't found any hint that says "do you want to expose private data to canonical?" in this dialog.
  Altogether, I see no reason for sending a coredump.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1255165/+subscriptions