On Tue, 2007-04-24 at 14:40 +0200, Loïc Minier wrote: > On Tue, Apr 24, 2007, Josselin Mouette wrote: > > Apport sends complete core dumps, which is a very bad idea. The dumps > > can be huge (for desktop applications they often grow beyond 200MB) and > > they can contain gazillions of sensitive information. > > But Apport is written already, and it's also the path that Windows > crash report and Mozilla's talkback tools have taken; these > corporations might not represent our ideals, but they present examples > of deployed and working solutions. > > I don't think it's still 200 MB compressed, but some input from Ubuntu > folks could help. apport can send mini core dumps, and will offer to do so if the coredump is very large. > > Using a central server for symbol lookup like Ben proposed looks like a > > better idea. It needs gdb to be adapted or wrapped to access them > > correctly, though. > > Yes, it sounds like a good idea; I suppose it might offer less > possibilities, but a good stack trace is often good enough. However > modifying gdb sounds like a lot of hard work. I don't know how Apport > works on the server side, but if this part of Apport could be made to > run on the client and to fetch the relevant files, this might have all > advantages of not sending the sensitive core dumps, not uploading too > much data, and being available without too much development. This would be nice too - I would certainly like to be able to say to apport 'please retrace on my machine now without uploading' for applications that have been exposed to my password. Rob -- GPG key available at: <http://www.robertcollins.net/keys.txt>.
Description: This is a digitally signed message part