Command line automatically included in bug report, violating user's privacy

I definitely agree .

<quote>
A proper fix for this should show a preview of all the debugging information being submitted. The fix would allow the user to exclude any fields that can violate her privacy before submitting her bug report via the net.
</quote>

well, showing to an common end user, all debugging information can be really scary. But we need to analyze and to distinguish type of informations that could touch to the user privacy , then ALWAYS ask him if he wanted to modify the informations (concealing them for instance) but he needs to be aware that in some case the exact information is mandatory to investigate.
But we shouldn't allow complete removal of the information (just modification).

in some case , private informations are embedded in the stack Trace. Those cases are really difficult to address.

NOTE [for QA] : this bug importance should be set to High or Serious as privacy is a really important subject for Users

Right, for bug reports we should not have the command line. It is highly important for triaging crash reports, but for those the user can display the report and chose not to send it to us (and is warned that it might contain private information).

Fixed in bzr head.

This bug was fixed in the package apport - 0.102

---------------
apport (0.102) hardy; urgency=low

  [ Martin Pitt ]
  * problem_report.py: Support reading reports with legacy zlib
    compression in 'retain compressed values' mode (as used nowadays by
    apport when reporting a crash). Add a test case, too. (LP: #129616)
  * debian/control, debian/rules: Switch from python-support to
    python-central, and use 'nomove' option so that apport works during
    upgrades, too. (LP: #121341)
  * debian/rules: Use dh_icons instead of dh_iconcache.
  * debian/apport.init: Do not stop apport in any runlevel (LSB header).
  * apport/ui.py, run_crash(): Catch zlib.error on invalidly compressed core
    dumps. (LP: #176977)
  * apport/ui.py: Give a meaningful error message instead of crashing if the
    package for a crash report is not installed any more. (LP: #149739)
  * apport/ui.py: Do not include ProcCmdline in bug reports, since these are
    not ack'ed by the user and might contain sensitive data. (LP: #132800)
  * apport/ui.py: Add various test cases for crash reports whose packages have
    been uninstalled between the crash and the report. This reproduces
    LP #186684.
  * apport/ui.py, load_report(): Produce proper error message if
    executable/interpreter path do not exist any more. (LP: #186684)
  * cli/apport-cli: Intercept SIGPIPE when calling sensible-pager, to avoid
    crash when quitting it prematurely. (LP: #153872)
  * bin/apport-checkreports: Print out a list of program names/packages which
    have a pending crash report. (LP: #145117)
  * apport/ui.py, run_argv(): Add return code which indicates whether any
    report has been processed.
  * cli/apport-cli: If no pending crash reports are present, say so and refer
    to --help. (LP: #182985)
  * apport/ui.py: Waive check for obsolete packages if environment defines
    $APPORT_IGNORE_OBSOLETE_PACKAGES. Document this in the apport-cli manpage.
    (LP: #148064)

  [ Daniel Hahler ]
  * .crash file integration for KDE3 (LP: #177055)
    - debian/apport-qt.install: install added files qt4/apport-qt-mime.desktop
      and qt4/apport-qt-mimelnk.desktop
  * Fixed minor warnings/errors from desktop-file-validate in
    gtk/apport-gtk-mime.desktop.in and qt4/apport-qt.desktop.in (LP: #146957)

 -- Martin Pitt <email address hidden> Wed, 06 Feb 2008 12:55:53 +0100