Ideas for `bug'.

To: Debian Developers <debian-devel@lists.debian.org>
Subject: Ideas for `bug'.
From: Nicolás Lichtmaier <nick@Feedback.com.ar>
Date: Sun, 11 May 1997 23:12:34 -0300 (ARST)
Message-id: <[🔎] Pine.LNX.3.96.970511230221.359A-100000@localhost>

 I agree that bug shouldn't post config files. They may have sensitive
information that might be used by atackers to the ssystem.

 I don't think we should use the `suid nobody cat approach'. A config file
can have sensitive information and still be world readable (/etc/passwd!).

 Some ideas:

 * Some kind of interactive bug reporting tool, where the reporter gets
the option of sending (or not) each conffile (checkboxes!). 

 * When the user enters the editor through bug he gets:

----------------
Package: tool
Version: 1.0-1

;;;Remove the line if you don't want the file sent:
/etc/tool.passwords
#/etc/another.way   (<--- commented way may be the default!)
;;;
----------------

 Bug would then insert the named files in the bug report. The drawback is
that the user doesn't have the ability to further edit the conffiles.

 * Packages may be able to specify information for use by `bug'. That
infor may be:
   * Extra information that the maintainer finds it can help him
to deal with the bug, the package may provide a bugreport script that
generates the info!.
   * Which files should be sent...

-- 
Nicolás Lichtmaier.-
nick@feedback.com.ar


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Ideas for `bug'.
  - From: Andreas Jellinghaus <aj@dungeon.inka.de>

Prev by Date: Re: Make bug package required? (was Re: berolist.deb)
Next by Date: Re: Make bug package required? (was Re: berolist.deb)
Previous by thread: Re: Sending closed bug notices to interested parties.
Next by thread: Re: Ideas for `bug'.
Index(es):
- Date
- Thread