[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mandatory -dbg packages for libraries?

On Tue, 2007-04-24 at 14:40 +0200, Loïc Minier wrote:
> On Tue, Apr 24, 2007, Josselin Mouette wrote:
> > Apport sends complete core dumps, which is a very bad idea. The dumps
> > can be huge (for desktop applications they often grow beyond 200MB) and
> > they can contain gazillions of sensitive information.
>  But Apport is written already, and it's also the path that Windows
>  crash report and Mozilla's talkback tools have taken; these
>  corporations might not represent our ideals, but they present examples
>  of deployed and working solutions.
>  I don't think it's still 200 MB compressed, but some input from Ubuntu
>  folks could help.

apport can send mini core dumps, and will offer to do so if the coredump
is very large. 

> > Using a central server for symbol lookup like Ben proposed looks like a
> > better idea. It needs gdb to be adapted or wrapped to access them
> > correctly, though.
>  Yes, it sounds like a good idea; I suppose it might offer less
>  possibilities, but a good stack trace is often good enough.  However
>  modifying gdb sounds like a lot of hard work.  I don't know how Apport
>  works on the server side, but if this part of Apport could be made to
>  run on the client and to fetch the relevant files, this might have all
>  advantages of not sending the sensitive core dumps, not uploading too
>  much data, and being available without too much development.

This would be nice too - I would certainly like to be able to say to
apport 'please retrace on my machine now without uploading' for
applications that have been exposed to my password.

GPG key available at: <http://www.robertcollins.net/keys.txt>.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: