On Thu, 2007-08-09 at 07:51 +0000, Sebastien Bacher wrote:
> The apport bugs are private by default in gutsy, that should address
> your concern.

Partly, yes. Sensitive data is still being exposed, albeit to a smaller group of people. But it's also only being guarded by the security of Launchpad. Those are both enough to make me nervous.

> Looks like Kees made an error while cleaning the list of
> bugs wrongly tagged as a security issue, that can happen to everybody

Perhaps. This was careless though. I would say anyone dealing with bugs tagged as a security issue has an extra level of responsibility and needs to be an order of magnitude more careful in their actions (measure twice, cut once). The very nature of a package that deals in secrets is that it is likely that at least one of them is in the core file and/or stack trace.

As I said previously though, the real answer is the automated scrubbing of data marked sensitive as it passes through the core-dumping-and-debugging process. And then of course, the world of FOSS has to be taught to use it. :-(

This sounds like a wonderful project for a Canonical developer. :-) I'd say it belongs right in the heart of gcc/glibc/kernel so that it's ubiquitous and not just available to those by adding a library/build-time dependency.

b.

--
My other computer is your Microsoft Windows server.

Brian J. Murrell

--
gnome-keyring-daemon crashed with SIGSEGV in strchr()
https://bugs.launchpad.net/bugs/130938

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs