[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bugs reports should include syslog warnings or not?

On Sat, Mar 17, 2018 at 06:09:25PM +0100, Sebastien Bacher wrote:
> Hey there,
> was raised
> to my attention in a discussion about apport/e.u.c and I'm wondering if
> the change is right

Thanks for bringing this up.

> The report pointed out that private info have been included in a report
> through JournalError.txt, and the solution applied was to change apport
> to include errors level messages only and not warning.
> Looking a bit a journalerror on some bugs it seems we have indeed some
> components that log too much content as "warning" (gdm in that case),
> but changing to "error" has been cutting out useful warnings and doesn't
> seem the right fix to me nor a step in the right direction. It doesn't
> also protect us of the described issue (if a program logs sensitive info
> in its errors messages we are still going to send them).
> I suggest that we change apport back to report warnings as well and look
> at how we can better fix the privacy issue.

I've modified apport back to include warnings but at the same time to
address the privacy issue have also changed apport to only include
JournalErrors when the report is a crash report as those reports are
private by default. So before making a crash report public be sure to
review the JournalErrors attachment for private information. And of
course you can always ask the bug reporter to run the same command,
'journalctl -b --priority=warning --lines=1000', and add that to their
regular bug reports if necessary.

Brian Murray