Ideas for `bug'.
I agree that bug shouldn't post config files. They may have sensitive
information that might be used by atackers to the ssystem.
I don't think we should use the `suid nobody cat approach'. A config file
can have sensitive information and still be world readable (/etc/passwd!).
Some ideas:
* Some kind of interactive bug reporting tool, where the reporter gets
the option of sending (or not) each conffile (checkboxes!).
* When the user enters the editor through bug he gets:
----------------
Package: tool
Version: 1.0-1
;;;Remove the line if you don't want the file sent:
/etc/tool.passwords
#/etc/another.way (<--- commented way may be the default!)
;;;
----------------
Bug would then insert the named files in the bug report. The drawback is
that the user doesn't have the ability to further edit the conffiles.
* Packages may be able to specify information for use by `bug'. That
infor may be:
* Extra information that the maintainer finds it can help him
to deal with the bug, the package may provide a bugreport script that
generates the info!.
* Which files should be sent...
--
Nicolás Lichtmaier.-
nick@feedback.com.ar
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: