Somewhat urgent privacy concern
Arand Nash
ienorand at gmail.com
Sat Aug 29 17:14:28 BST 2009
Somewhat urgent privacy concern:
Currently approximately 60 users (or more), who have recently reported
crashes in Ubuntu One, have the file & folder names of their entire Ubuntu
One contents listed publicly in text attachments.
This comes about since U1's crash reports contain a list of all the U1
files and folders of the reporting user (LP: 419895), AND that those
attachments are not removed when the bug is marked as a duplicate and
made public by the apport retracing service (LP: 419929).
One concerned bug report is (LP: 419488), which seemed to affect a lot
of Karmic+U1 testers.
My urgent-quickfix suggestion would be to either immediately mark all
these bugs as private OR remove the concerned attachment from all of
them, and continue doing so with all new incoming ones.
In the "long" term either U1 has to stop attaching this data to their
crash reports OR the retracer has to be fixed to keep bugs private when
dupe-marked or to remove *all* attachments from private bugs gone public.
I'm hoping for now that this hasn't and will not cause any hurt to the
concerned users, and hopefully it can be taken care of quickly, since it
puts both Ubuntu One and Launchpad in a somewhat bad light.
- Arand