Re: Private Bugzilla bugs

2016-11-05 Thread Christian Stadelmann
> The UID can actually matter. We have a frequently reported non-bug that > graphical KDE applications will not work (and abort with a qFatal, which > fires the SIGABRT signal) if you run them under tools like su or sudo > because they won't find some resources (usually the D-Bus session service

Re: Private Bugzilla bugs

2016-11-04 Thread Kevin Kofler
Christian Stadelmann wrote: > Answers from my (user and frequent bug reporter) view: > 1. abrt/libreport reports way too much data. There is no need to report my > hostname to Fedora/RedHat infrastructure. Same for UID, PID, username, > time, environ, … The UID can actually matter. We have a frequ

Re: Private Bugzilla bugs

2016-11-01 Thread Christian Stadelmann
Answers from my (user and frequent bug reporter) view: 1. abrt/libreport reports way too much data. There is no need to report my hostname to Fedora/RedHat infrastructure. Same for UID, PID, username, time, environ, … 2. abrt/libreport leaks much sensitive data. This includes paths in my home di

Re: Private Bugzilla bugs

2016-10-31 Thread Jakub Filak
On 10/24/2016 06:34 PM, Michael Catanzaro wrote: > On Mon, 2016-10-24 at 18:07 +0200, Jakub Filak wrote: >> I use ABRT to report crashes, I deal with ABRT reports and I'm happy >> with >> the current default. >> >> I am sorry. I understand your problem, but I don't have any good >> solution >> for

Re: Private Bugzilla bugs

2016-10-25 Thread Jeff Fearn
On 25/10/16 22:49, den...@ausil.us wrote: > There has never been any policy against private bugs, and it's been > encouraged for security sensitive bugs from day 1. There are a lot of Red Hat > employees who default to private bugs FYI The warn on public create customization has been dropped from

Re: Private Bugzilla bugs

2016-10-25 Thread dennis
There has never been any policy against private bugs, and it's been encouraged for security sensitive bugs from day 1. There are a lot of Red Hat employees who default to private bugs or private comments due to working mostly on internal bugs. A nice RFE might be to enable the ability to default

Re: Private Bugzilla bugs

2016-10-25 Thread Kevin Kofler
Jakub Filak wrote: > I will repeat my argument again - users are allowed to do it when filling > a private bug manually. My point is, they shouldn't be. Kevin Kofler

Re: Private Bugzilla bugs

2016-10-24 Thread Jakub Filak
On 10/25/2016 03:54 AM, Kevin Kofler wrote: > > Even without this written down anywhere, it used to be common understanding > that Fedora bugs are public by design. But then came the ABRT team. Now we > get tons of "private" bug reports. Mostly because ABRT lets users attach > tons of crazy thi

Re: Private Bugzilla bugs

2016-10-24 Thread Kevin Kofler
Florian Weimer wrote: > Why does Bugzilla allow filing private Fedora bugs? I am fairly sure that there used to be (in the distant past) a policy written down somewhere that "All Fedora bugs are public". The problem is that, after ABRT started filing those private bugs, I searched for it in all

Re: Private Bugzilla bugs

2016-10-24 Thread Jeff Fearn
On 25/10/16 02:41, Florian Weimer wrote: > On 10/21/2016 09:16 PM, Michael Catanzaro wrote: >> On Fri, 2016-10-21 at 20:56 +0200, Florian Weimer wrote: >>> Bugzilla is specifically not designed for keeping sensitive stuff >> >> Really? Every Bugzilla that I regularly work with (GNOME, WebKit, Red >

Re: Private Bugzilla bugs

2016-10-24 Thread Florian Weimer
On 10/21/2016 09:16 PM, Michael Catanzaro wrote: On Fri, 2016-10-21 at 20:56 +0200, Florian Weimer wrote: Bugzilla is specifically not designed for keeping sensitive stuff Really? Every Bugzilla that I regularly work with (GNOME, WebKit, Red Hat) has this feature. They have private bug repor

Re: Private Bugzilla bugs

2016-10-24 Thread Michael Catanzaro
On Mon, 2016-10-24 at 18:07 +0200, Jakub Filak wrote: > I use ABRT to report crashes, I deal with ABRT reports and I'm happy > with > the current default. > > I am sorry. I understand your problem, but I don't have any good > solution > for it. > > Could you please propose a better default? The

Re: Private Bugzilla bugs

2016-10-24 Thread Jakub Filak
On 10/21/2016 09:16 PM, Michael Catanzaro wrote: > On Fri, 2016-10-21 at 20:56 +0200, Florian Weimer wrote: >> Bugzilla is specifically not designed for keeping sensitive stuff > > Now, ABRT's heuristic for whether to make the bug private is really > terrible; you can imagine that any application

Re: Private Bugzilla bugs

2016-10-24 Thread Jakub Filak
On 10/21/2016 11:29 PM, Chris Murphy wrote: > On Fri, Oct 21, 2016 at 1:16 PM, Michael Catanzaro > wrote: >> On Fri, 2016-10-21 at 20:56 +0200, Florian Weimer wrote: >>> Bugzilla is specifically not designed for keeping sensitive stuff >> >> Really? Every Bugzilla that I regularly work with (GNOM

Re: Private Bugzilla bugs

2016-10-22 Thread Stephen John Smoogen
On 22 October 2016 at 01:31, Jeff Fearn wrote: > On 22/10/2016 4:54 AM, Florian Weimer wrote: >> On 10/21/2016 08:42 PM, Stephen John Smoogen wrote: >>> We don't run the Bugzilla so the capability of who has it and who does >>> not is not set by us. >> >> Bugzilla's group-based restrictions can be

Re: Private Bugzilla bugs

2016-10-21 Thread Jeff Fearn
On 22/10/2016 4:54 AM, Florian Weimer wrote: > On 10/21/2016 08:42 PM, Stephen John Smoogen wrote: >> We don't run the Bugzilla so the capability of who has it and who does >> not is not set by us. > > Bugzilla's group-based restrictions can be configured per product, so > it's easy to ask for chan

Re: Private Bugzilla bugs

2016-10-21 Thread Michael Catanzaro
On Fri, 2016-10-21 at 15:29 -0600, Chris Murphy wrote: > Does it make sense to have something sanitize URLs and paths that > start with /home by default? Seems like a scalpel vs backhoe is > needed. Maybe... I dunno, sometimes the actual value really is important for reproducing the bug. It at le

Re: Private Bugzilla bugs

2016-10-21 Thread Chris Murphy
On Fri, Oct 21, 2016 at 1:16 PM, Michael Catanzaro wrote: > On Fri, 2016-10-21 at 20:56 +0200, Florian Weimer wrote: >> Bugzilla is specifically not designed for keeping sensitive stuff > > Really? Every Bugzilla that I regularly work with (GNOME, WebKit, Red > Hat) has this feature. If you have a

Re: Private Bugzilla bugs

2016-10-21 Thread Michael Catanzaro
On Fri, 2016-10-21 at 20:56 +0200, Florian Weimer wrote: > Bugzilla is specifically not designed for keeping sensitive stuff Really? Every Bugzilla that I regularly work with (GNOME, WebKit, Red Hat) has this feature. If you have a mailing list auto-CCed to a component, well yeah that screws it up

Re: Private Bugzilla bugs

2016-10-21 Thread Florian Weimer
On 10/21/2016 08:45 PM, Adam Williamson wrote: On Fri, 2016-10-21 at 20:25 +0200, Florian Weimer wrote: Why does Bugzilla allow filing private Fedora bugs? One major reason is for abrt reports; the data abrt submits can include sensitive stuff. Bugzilla is specifically not designed for keep

Re: Private Bugzilla bugs

2016-10-21 Thread Florian Weimer
On 10/21/2016 08:42 PM, Stephen John Smoogen wrote: We don't run the Bugzilla so the capability of who has it and who does not is not set by us. Bugzilla's group-based restrictions can be configured per product, so it's easy to ask for changes if this is what we want. It doesn't even need cu

Re: Private Bugzilla bugs

2016-10-21 Thread Christopher
On Fri, Oct 21, 2016 at 2:44 PM Stephen John Smoogen wrote: > On 21 October 2016 at 14:25, Florian Weimer wrote: > > Why does Bugzilla allow filing private Fedora bugs? > > > > Because people believe they are posting private information from their > systems which they do not want to have broad d

Re: Private Bugzilla bugs

2016-10-21 Thread Adam Williamson
On Fri, 2016-10-21 at 20:25 +0200, Florian Weimer wrote: > Why does Bugzilla allow filing private Fedora bugs? > > I'm not sure who has the capability (it may be tied to specific > accounts). It is not all that helpful because accounts on the Cc: list > still receive notifications and can acces

Re: Private Bugzilla bugs

2016-10-21 Thread Stephen John Smoogen
On 21 October 2016 at 14:25, Florian Weimer wrote: > Why does Bugzilla allow filing private Fedora bugs? > Because people believe they are posting private information from their systems which they do not want to have broad dissemination. There are many times where Fedora bugs were part of Red Hat

Private Bugzilla bugs

2016-10-21 Thread Florian Weimer
Why does Bugzilla allow filing private Fedora bugs? I'm not sure who has the capability (it may be tied to specific accounts). It is not all that helpful because accounts on the Cc: list still receive notifications and can access the bug. Recipients of the notifications may include public ma