"The system detected a problem, do you want to report it?" dialog

Oliver Grawert ogra at ubuntu.com
Sun Aug 26 14:37:49 UTC 2018


hi,
Am Sonntag, den 26.08.2018, 16:08 +0200 schrieb Ralf Mardorf:
> On Sun, 2018-08-26 at 15:36 +0200, Oliver Grawert wrote:
> > 
> > Am Sonntag, den 26.08.2018, 15:12 +0200 schrieb Ralf Mardorf:
> > > 
> > > 
> > > We don't need to worry abut such issues, if we manually report
> > > bugs.
> > if you manually report bugs software has no security issues ???
> If you manually report bugs, you don't need to use a tool to report
> bugs, that could suffer from a security issue. This is very
> important,
> since you claim that the tool to report bugs does "anonymize" the
> reported data, while you don't quote a source to underpin this claim.
> However, even if it should be able to remove all sensible data, it
> still
> could suffer from a security issue. If you don't use a tool to report
> a
> bug, no tool could suffer from a security issue.
> 
> 
well, again, you didnt read what i wrote ... 

the tool does not "file bugs" it sends core dumps and crash reports a
package maintainer defined to https://errors.ubuntu.com/ if there
should be bugs resulting from this, they are created by developers or
the QA team monitoring the tables on that page by using the "Create"
link in the right column of the table ...

users that file bugs use https://launchpad.net/ubuntu to file bugs ...

you are missing the point of the apport tool and you are missing the
point that all software can have bugs and security issues at all time,
a security issue in a quality assurance tool is neither worse or better
than a security issue in the kernel, they are all equally awful and all
need fixing ASAP after being detected... 

if you have tens of millions of users of which only a very small
fraction will ever manually file bugs, there is only automation to get
you enough info to keep the quality level high enough to provide an
enterprise class product.

and no matter how much you dis-like apport, it wont go away, it is an
essential part of the ubuntu infrastructure, it s used by nearly every
ubuntu package maintainer to receive the package specific info they
require for debugging, it is deeply integrated into archive management,
package build processes and QA processes, the little bit of UI you see
from it is only a very small portion of what apport is as a whole.

ciao
	oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20180826/190a4ba8/attachment-0001.sig>


More information about the ubuntu-users mailing list