On Wed, 2014-08-13 at 08:27 -0400, Jakub Filak wrote:
> Hello,
>
> the ABRT team got a request to replace uploading of core dumps
> to the retrace server by providing a fuse-like share with debuginfos [1].
> It would be really nice if the security experts could comment on this.

I believe that this is primarily a legal compliance and privacy issue rather than simply a security issue (and that applies to the core dump sending as well). The concern there is: has the user ever agreed to provide that information? Can a user explicitly remove the information that concerns him? (I believe both are requirements under EU directives.)

As for an opinion on the security of this scheme, I don't believe that you provided any details of its design. The minimum requirements should be that information is communicated securely over the wire, so that only the Fedora project can access the data, and that data must be stored in a way that they cannot be used by a third party who stole that information (e.g. take them offline as soon as possible, or encrypt them with an HSM that cannot decrypt, or gpg and a public key - i.e., decryption can only be done offline).

As I see it, unless we have a good reason to keep that information, it is mostly a burden to have them (consider the PR disaster if that gets stolen).

regards,
Nikos

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security