Re: Mandatory -dbg packages for libraries?
Loïc Minier <lool+debian@via.ecp.fr> writes:
> On Tue, Apr 24, 2007, Josselin Mouette wrote:
>> Apport sends complete core dumps, which is a very bad idea. The dumps
>> can be huge (for desktop applications they often grow beyond 200MB) and
>> they can contain gazillions of sensitive information.
> But Apport is written already, and it's also the path that Windows
> crash report and Mozilla's talkback tools have taken; these
> corporations might not represent our ideals, but they present examples
> of deployed and working solutions.
> I don't think it's still 200 MB compressed, but some input from Ubuntu
> folks could help.
I believe sending full core dumps is an acceptable solution if and only
if:
* The user is notified and voluntarily opts in to sending dumps.
* The core dumps are sent encrypted over the network.
* The core dumps are stored securely wherever they're sent and only
  authorized people have access to them.
* Every organization that has access to the core dumps is legally bound
  to not disclose any personal or confidential information in them to
  anyone.
I think the last two are pretty hard for Debian to do.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>