errors.ubuntu.com: mechanism on Server

Evan Dandrea evan.dandrea at canonical.com
Wed Jun 19 10:32:32 UTC 2013


On 17 June 2013 22:24, Scott Kitterman <ubuntu at kitterman.com> wrote:
> On Friday, June 07, 2013 11:15:17 AM Evan Dandrea wrote:
>> On 7 June 2013 10:00, Robie Basak <robie.basak at canonical.com> wrote:
>> > On Thu, Jun 06, 2013 at 04:19:46PM -0400, Scott Kitterman wrote:
>> >> Of course this should be defaulted to no. Given that the reports to
>> >> e.u.c are treated as more sensitive than crash reports to Launchpad, it
>> >> is at best counter-intuitive to expect that sending reports is a
>> >> reasonable default.
>> Actually, reports to Launchpad are not intended to be treated as any
>> less sensitive. We've just been slow to move access to crash report
>> data in Launchpad bugs over to the NDA. The same concern is there:
>> without an NDA, there's absolutely no recourse to someone doing
>> malicious things with the private data found in those reports, whether
>> they be on errors.ubuntu.com or bugs.launchpad.net.
>>
>> ~ubuntu-bugcontrol was expedient and well-intentioned, but it's a gamble.
>>
>> Perhaps I'm misunderstanding what you're saying, Scott? I don't see
>> how having the contract between our users and the developers wishing
>> to look at that potentially sensitive data, laying out the terms for
>> doing so, makes sending the reports an unreasonable default when
>> compared against not having such an agreement in place.
>
> I don't understand why it's required for e.u.c, but not Launchpad.  It doesn't
> make any sense to require it for one and not the other.

I explained this above. We have every intention of requiring it for
access to error reports submitted to Launchpad.

https://errors.ubuntu.com was done first because it has mountains more
information than Launchpad bugs.

> I doubt the NDA gives
> Canonical much in the way of recourse in any case.  I'm not sure "we let you
> see bug reports so you can work on fixing our product for free" would qualify
> as consideration sufficient to make the NDA an actual contract (IANAL, so who
> knows really).

A lawyer knows.

Seriously, there's no need to idly speculate on this one. It was
drafted by myself and Canonical's legal department to give us recourse
against those who would use the information in the Error Tracker
database for nefarious purposes. Neither myself nor those talented
individuals would be wasting our respective time if we didn't think
that:

A) There is a risk in giving people unencumbered access to a mountain
of data that could possibly contain some sensitive information.
B) It is therefore acceptable to place restrictions on this access via
a legally binding agreement.
C) This agreement, if violated, could be leveraged against the guilty party.

Also, "fixing our product for free"? Come on, Scott. This is open
source software.

> Have we ever had a problem with developers not treating crash reports with
> sufficient care?  If not, I wonder why it's worth inhibiting access to useful
> data in order to solve a problem we aren't having.

Should we wait until we do have a problem?

I would like to leave the users of Ubuntu with a sense that we're
doing everything we feasibly can to take care of the data they've
entrusted us with. If a developer wants to remain anonymous and not
agree to some fairly simple ground rules, that's their choice, but
they will not get access to this potentially sensitive data. It's a
more than fair arrangement.

> You'd also need to check what priority questions debconf is set to ask if
> you're going to default it to true (which I think is a mistake - I think
> people interested in contributing will flip the switch, while defaulting to
> true will cause people who don't care to contribute to have a negative opinion
> about Ubuntu Server).  Depending on how the question priorities are set, your
> question may never get asked.

If you're not fussed, by definition you're not going to take the time
to read through a page of text and find a box to tick. If you do care,
the heading is going to catch your eye. You'll read it and you'll make
your decision.

This matches the behaviour we already have in Ubuntu Desktop on
millions and millions of machines for well over a year. Honestly, the
only complaints I've heard are, "can we show these less often" and
"can I please just have it always send?"

The structure of the debconf question is an implementation detail.
We'll make sure this page always gets shown when not preseeding, and
that preseeding defaults to "no thank you."

> P.S.  Replying to all since apparently not everyone is subscribed to the
> server list

That's fixed now. :)



