Security of sensative data with filed bug reports?

Mike O'Donnell mikeodonnell at shaw.ca
Sun Mar 11 21:27:06 UTC 2012 

Hi,

>From here:

https://wiki.ubuntu.com/Apport#Launchpad-based_auto-retracer

"The automatic crash interception component of apport is disabled by
default in stable releases for a number of reasons:

    Apport collects potentially sensitive data, such as core dumps,
stack traces, and log files. They can contain passwords, credit card
numbers, serial numbers, and other private material.

    This is mitigated by the fact that it presents you what will be sent
to the bug tracker, and that all crash report bugs are private by
default, limited to the Ubuntu bug triaging team. We can reasonably
expect developers and technically savvy user"s, who run the development
release, to be aware of this and judge whether it is appropriate to file
a crash report. But we shouldn't assume that every Ubuntu user of stable
releases is able to do so".

I am a newer user, not a "technically savvy user". Please respond
accordingly.:^)

When filing bug reports, how is it best for me to keep my "sensitive
data" secure. I use bcrypt to encrypt a file, that houses all this data;
I assume that is safe, from transmission during a bug report. Is that
correct? Other than that, when might it not be safe to send a report? I
don't what "core dumps, stack traces, and log files" are. Does, this
show information, that can report "sensitive data", from my earlier
activity, before the report?. Are these "core dumps, stack traces and
log files", only from current use, when Apport signals a bug report, or
when, I chose to report one. What do I need to know about what data is
collected and from when it was it available, from my previous activities
with the computer. Or, if I have not recently been using any sensitive
data, just previous to finding a bug that I want to report, will my
sensitive data, be safe, from transmission, given my scenario for
security?

I have been as clear as I know how to, while composing this question. I
hope, it is found clear with you.


Thank you.
-- 
This message was sent from Launchpad by
Mike O'Donnell (https://launchpad.net/~mikeodonnell)
using the "Contact this team's admins" link on the Crash bug triagers for
Ubuntu packages team page (https://launchpad.net/~ubuntu-crashes-universe).
For more information see
https://help.launchpad.net/YourAccount/ContactingPeople

More information about the Ubuntu-reviews mailing list