touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #17498
[Bug 1255165] Re: make it clearer that crash files may contain private data and make it easier to opt out
** Changed in: whoopsie (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1255165
Title:
make it clearer that crash files may contain private data and make it
easier to opt out
Status in “whoopsie” package in Ubuntu:
Confirmed
Bug description:
As far as I understand the whoopsie error report procedure, the coredump will be sent to ubuntu servers if daisy.ubuntu.com requests this after the initial report upload.
However, I consider uploading a coredump across the network (although its https) to be a secuity risk. For instance gtk applications contain a lot of private information in their coredump such as last opened filenames. The coredump is used to extract additional information which may help to fix the bug, which is fine but any information should be extracted from the core *locally* (i.e. on the machine, where the crash happened) instead of extracting them on ubuntu servers. The text of the error upload dialog states something like "do you want to help fixing the problem?" which indicates to me that sending the error is something positive. I haven't found any hint that says "do you want to expose private data to canonical?" in this dialog.
Altogether, I see no reason for sending a coredump.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1255165/+subscriptions