On Wednesday 14 of January 2015 15:18:00 Florian Weimer wrote:
On 01/14/2015 02:27 PM, Marek Brysa wrote:
> Hi Matthias and Florian,
>
> I wasn't subscribed to the list so I can't reply directly to the thread.
>
> The data contained in the automatic bug report (uReport) is described
> here:
>
https://github.com/abrt/faf/wiki/uReport
> It was designed with anonymity as a requirement and doesn't contain any
> user sensitive data, only a simple backtrace and some statistical info
> like OS version and related package versions. We don't save IP addresses
> where the reports are coming from.
The current upload process does not ensure anonymity because of all the
logging the Fedora infrastructure does. Both the dialog text and the
policy need to reflect that. (ureport uploaders are likely
pseudonymous, at least as long only paths which are part of the OS
installation are reported.)
> Reporting to Bugzilla may contain sensitive data (coredump), but is
> manual, for advanced users only and the user is required to do a review
> of the data.
Even the process environment may contain sensitive data. Only in rare
cases, it will be totally anonymous before manual scrubbing by the user.
Sure, but ABRT *NEVER* reports automatically to Bugzilla.
Correct me if I am wrong, but it is NOT expected that the reporting to
Bugzilla is anonymous.
Jakub