abrt / satyr

Automatic problem management with anonymous reports
GNU General Public License v2.0

Do not send any paths that are not part of RPM package #141

Open mmilata opened 10 years ago

mmilata commented 10 years ago

See https://github.com/abrt/abrt/issues/608 for an example.

We should probably mark the report as invalid and not send it.

jfilak commented 10 years ago

Are you sure that we want to implement such a feature in satyr? What are the pros and cons of implementing this in satyr? I would rather implement it in ABRT and keep satyr as simple as possible. Users may realize that they need to send even these paths and ABRT already has a configuration option ("OpenGPGCheck") for this purpose.

mmilata commented 10 years ago

Idea: provide a function like

bool sr_report_check_paths(struct sr_report, bool (*path_callback)(const char *path, void *data), void *data);

that would return true if path_callback returned true for all paths in the report. The path_callback could e.g. check whether the path belongs to an RPM.

Consider:

mtoman commented 10 years ago

FAF has a KB response for /home/.* and /usr/local/.* and I don't see why it shouldn't collect such reports. We maybe don't want to send such reports to Bugzilla, but that's ABRT's / libreport's job.

mmilata commented 10 years ago

My concern is about anonymity; paths can contain sensitive information (e.g. /home/flastname/horse_porn.avi).

We currently send paths only as part of a backtrace so there's probably little chance of leaking some kind of sensitive path. Nevertheless we state that the reports are anonymous and I think we should be more careful about what we send.
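
A sketch of the callback-based path check proposed earlier in the thread, added here as an example; it is not code from satyr or ABRT. `struct demo_report`, `demo_report_check_paths` and the prefix-allowlist callback are hypothetical stand-ins (a real callback would ask the RPM database whether a package owns the file), and all paths are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the paths carried by a report; not satyr's struct sr_report. */
struct demo_report { const char **paths; size_t npaths; };

/* Returns true only if the callback accepts every path in the report. */
bool demo_report_check_paths(const struct demo_report *report,
        bool (*path_callback)(const char *path, void *data), void *data)
{
    for (size_t i = 0; i < report->npaths; i++)
        if (!report->paths[i] || !path_callback(report->paths[i], data))
            return false;
    return true;
}

/* Assumed policy: data is a NULL-terminated list of allowed directory prefixes.
 * This approximates "belongs to an RPM" without querying the RPM database. */
bool path_under_allowed_prefix(const char *path, void *data)
{
    const char **prefixes = data;
    size_t len = strlen(path);

    /* Relative paths and ".." components would defeat a prefix comparison. */
    if (path[0] != '/' || strstr(path, "/../") != NULL)
        return false;
    if (len >= 3 && strcmp(path + len - 3, "/..") == 0)
        return false;
    for (; *prefixes; prefixes++) {
        size_t plen = strlen(*prefixes);
        /* Require a '/' after the prefix so /usr/lib does not match /usr/libexec. */
        if (strncmp(path, *prefixes, plen) == 0 && path[plen] == '/')
            return true;
    }
    return false;
}

/* Constructed sample data. */
const char *allowed[] = { "/usr/bin", "/usr/lib64", NULL };
const char *ok_paths[] = { "/usr/bin/will_abort", "/usr/lib64/libc.so.6" };
const char *leaky_paths[] = { "/usr/lib64/libc.so.6", "/home/flastname/a.out" };
struct demo_report ok_report = { ok_paths, 2 };
struct demo_report leaky_report = { leaky_paths, 2 };

int main(void)
{   /* Exit status 0: the clean report passes and the leaky one is rejected. */
    return (demo_report_check_paths(&ok_report, path_under_allowed_prefix, allowed)
         && !demo_report_check_paths(&leaky_report, path_under_allowed_prefix, allowed)) ? 0 : 1;
}
```

A caller that gets `false` can mark the report invalid and skip sending it, or leave that decision to the layer above, which is the split the thread is debating.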