[Ubuntuone-users] Somewhat urgent privacy concern

Zachery Bir zachery.bir at canonical.com
Sun Aug 30 00:42:30 BST 2009

Arand Nash wrote:
> Somewhat urgent privacy concern:
> Currently approximately 60 users (or more), who have recently reported 
> crashes in Ubuntu One, have the file & foldenames of their entire Ubuntu 
> One contents listed publicly in text attachments.
> This comes about since U1's crash reports contains a list of all the U1 
> files and folders of the reporting user (LP: 419895), AND that those 
> attachements are not removed when the bug is marked as a duplicate and 
> made public by the apport retracing service (LP: 419929).
> One concerned bug report is (LP: 419488), which seemed to affect a lot 
> of Karmic+U1 testers.
> My urgent-quickfix suggestion would be to either immidiately mark all 
> these bugs as private OR remove the concerned attachment from all of 
> them, and continue doing so with all new incoming ones.
> In the "long" term either U1 has to stop attaching this data to their 
> crash reports OR the retracer has to be fixed to keep bugs private when 
> dupe-marked or to remove *all* attachments from private bugs gone public.
> I'm hoping for now that this hasn't and will not cause any hurt to the 
> concerned users, and hopefully it can be taken care of quickly, since it 
> puts both Ubuntu One and Launchpad in a somewhat bad light.

Saw this recently on OmniGroup's blog about gibberish-izing crash reports:


Wonder if it's interesting to us to implement something similar, 
presuming we even want to know number of files our users have.


More information about the ubuntu-devel mailing list