On Tue, Apr 24, 2007 at 02:40:22PM +0200, Loïc Minier wrote: > On Tue, Apr 24, 2007, Josselin Mouette wrote: > > Apport sends complete core dumps, which is a very bad idea. The dumps > > can be huge (for desktop applications they often grow beyond 200MB) and > > they can contain gazillions of sensitive information. > > But Apport is written already, and it's also the path that Windows > crash report and Mozilla's talkback tools have taken; these > corporations might not represent our ideals, but they present examples > of deployed and working solutions. > > I don't think it's still 200 MB compressed, but some input from Ubuntu > folks could help. I for one, won't use a solution that sends full core dumps. KDE applications e.g. use many shared memory among the different processes and I will never know if the crash of konqueror I want to report wouldn't include all my accounts passwords from kwallet it just used. Sorry but, well, that's an option I'm not willing to take, and I'm sure others feel the same. There is a major privacy issue here, and well, sorry, but taking Microsoft as an example here is quite err disturbing :) A clean and good backtrace is very often useful enough, and would IMHO be a significant improvement already. One could also imagine a setup where cores remains "archived" on the user side, so that they can provide more extensive backtraces (values of some variables or so) and see textually if sensitive informations are in there or not. -- ·O· Pierre Habouzit ··O madcoder@debian.org OOO http://www.madism.org
Attachment:
pgpsDGnj5f2Q4.pgp
Description: PGP signature