Ubuntu
apport package

Change default security/privacy setting that is automatically set by apport

Bug #196489 reported by Harvey Muller
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

Binary package hint: apport

The current behavior of apport is to set the default security / privacy setting of the resulting bug to "Private." I understand that this may be a direct result of bug #132800.

To illustrate the poblem here's what I bumped into this morning:

1. Experienced problem
2. Apport generated an auto-report
3. I decide to submit the report to help
4. I check to ensure this bug is not a duplicate, it isn't.
5. I send the report
6. I learn the bug is a duplicate, through email
7. I attempt to check the duplicate, but access is restricted

The bug I generated is #196460, the "private" bug is #196335. The issue here is not the original bug I reported. I know it will be fixed even if I cannot check on it's status.

These are the issues as I see them:

1. Users will not change the status of their bugs to public, for whatever reason, they will remain private.
2. Users will come in afterwards and create duplicate bugs, and then be unable to track the original bug.
3. Those that care about what is reported will use the security/privace setting appropriate to them, or strip the offending portions, or just not report.

This issue is relative to #132800

Best regards,

Harvey

Revision history for this message
Martin Pitt (pitti) wrote :

Thank you for your report. However, crash reports can have more information in them which potentially have sensitive information, in particular in the Tracebacks (python) or core dumps (SIGSEGV, etc.). Bug 132800 has been fixed, but (1) bugs were filed privately since long before already, and (2) we cannot filter core dumps like we can filter ProcCmdline, etc.

While I acknowledge that the weirdness you reported exists, we won't file bugs as public by default for above reasons. Developers usually set high-profile crashes like this to public after inspecting that there is no sensitive data (this already happened for bug 196335).

Thanks,

Martin

Changed in apport:
status: New → Won't Fix
Revision history for this message
Harvey Muller (hlmuller) wrote :

Martin,

I appreciate your insight into the issue. If I understand the intent as described, then I as a bug reporter should not bother changing its status from private to public. I should just continue to report as long as the issue is not already 'publicly' reported. Developers will change the status from private to public as they determine it is safe to do so.

Thanks,

Harvey

Revision history for this message
Martin Pitt (pitti) wrote : Re: [Bug 196489] Re: Change default security/privacy setting that is automatically set by apport

Hi Harvey,

Harvey Muller [2008-03-13 12:19 -0000]:
> If I understand the intent as described, then I as a bug reporter
> should not bother changing its status from private to public.

You are welcome to do so if you verified that the report does not
contain any private data (which is feasible for a Python crash that
you reported, but you can hardly do it for the CoreDump.gz
attachment).

> I should just continue to report as long as the issue is not already
> 'publicly' reported. Developers will change the status from private
> to public as they determine it is safe to do so.

Right.

Thanks, Martin

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.