Re: [bug-buddy]: Custom scripts for your application

From: Brian Cameron <Brian Cameron Sun COM>
To: Elijah Newren <newren gmail com>
Cc: desktop-devel-list gnome org, Olav Vitters <olav bkor dhs org>
Subject: Re: [bug-buddy]: Custom scripts for your application
Date: Thu, 30 Nov 2006 17:41:51 -0600


Elijah:

Stack traces can already potentially contain private info.  The
current method is:
1) Program crashes
2) Bug-buddy is launched, gathers data, and notifies the user what happened
3) Bug-buddy notifies the user that sensitive data may have been
collected and lets them know how to review it
4) The user is allowed to type in additional information and send the
report, or abort.

I don't see why the process should really change just because extra
information has been gathered besides a stack trace.  (Especially
since bug buddy merely says "information about the crash has been
successfully collected...)


I worry because the ability for applications to collect "additional
data" by running scripts defined in the application .desktop file opens
the door to collecting just about any sort of data.  Since it doesn't
seem that there are any plans to oversee what sort of data collection
might get added to .desktop files, some application maintainers might
add inappropriate data collection to their programs.

Let's say some program generates a log file, and because this log file
is useful for debugging the maintainer specifies that the logfile should
be added to the bug report when it is created.  This sounds good, but
what if there is some way that sensitive or private data can get into
the log.  Then when the program crashes, this sensitive data gets put
in a public forum for all to see (if they know where to look).

I would think most users would prefer that computers *not* forward
data that could contain sensitive or private data to other machines
by default.  Maybe it's just me, but I prefer to be asked first.  At
the very least, I like to be able to turn off such features if I
want.

Even if we don't add pop-ups or configuration settings, how this works
should at least be documented somewhere more formal than an email
discussion on desktop-devel-list.


In the user documentation of bug-buddy?  It's also pretty clear from
just using it...


Doesn't it get more complicated when arbitraty scripts can get executed
as specified in the application desktop file?  Does the current process
of "just using it" explain that data is collected in this way?

Yes, I just think there should be some mechanism to turn of bug
reporting.


It's already built-in to bug-buddy: you click "close" instead of
"send".  Does that not do what you want?


What if I never want bug-buddy to pop-up at all because I never want
bug reports to be sent.  Can I configure bug-buddy this way without
uninstalling bug-buddy from my system?  Or do I have to pick "close"
every time a program crashes?

Brian

References:
- Re: [bug-buddy]: Custom scripts for your application
  - From: Brian Cameron
- Re: [bug-buddy]: Custom scripts for your application
  - From: Olav Vitters
- Re: [bug-buddy]: Custom scripts for your application
  - From: Brian Cameron
- Re: [bug-buddy]: Custom scripts for your application
  - From: Olav Vitters
- Re: [bug-buddy]: Custom scripts for your application
  - From: Brian Cameron
- Re: [bug-buddy]: Custom scripts for your application
  - From: Olav Vitters
- Re: [bug-buddy]: Custom scripts for your application
  - From: Brian Cameron
- Re: [bug-buddy]: Custom scripts for your application
  - From: Elijah Newren

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]