On 01/14/2015 02:27 PM, Marek Brysa wrote:
Hi Matthias and Florian, I wasn't subscribed to the list so I can't reply directly to the thread. The data contained in the automatic bug report (uReport) is described here: https://github.com/abrt/faf/wiki/uReport It was designed with anonymity as a requirement and doesn't contain any user sensitive data, only a simple backtrace and some statistical info like OS version and related package versions. We don't save IP addresses where the reports are coming from.
The current upload process does not ensure anonymity because of all the logging the Fedora infrastructure does. Both the dialog text and the policy need to reflect that. (ureport uploaders are likely pseudonymous, at least as long only paths which are part of the OS installation are reported.)
Reporting to Bugzilla may contain sensitive data (coredump), but is manual, for advanced users only and the user is required to do a review of the data.
Even the process environment may contain sensitive data. Only in rare cases, it will be totally anonymous before manual scrubbing by the user.
-- Florian Weimer / Red Hat Product Security _______________________________________________ legal mailing list legal@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/legal
