On 10/25/2016 03:54 AM, Kevin Kofler wrote: > > Even without this written down anywhere, it used to be common understanding > that Fedora bugs are public by design. But then came the ABRT team. Now we > get tons of "private" bug reports. Mostly because ABRT lets users attach > tons of crazy things including core dumps (!), which of course contain > sensitive information. It is possible in theory to ask ABRT to attach a core dump file to a Bugzilla bug but the reporter must explicitly mark the file to be attached to the new bug. ABRT does not automatically attach core dump files to Bugzilla bugs. > Many users check everything and are then surprised > that ABRT makes the stuff private by default. Oops. We should improve our communication with users. > ABRT should really only attach > the files that actually make sense to attach. Core dumps should NEVER be > attached to a bug tracker. Bugzilla itself does not prevent users from attaching core dump files - the reporters are allowed to attach any file to a Bugzilla bug - and ABRT does not limit the reporters too. > (It also shouldn't ask the user what to attach, > but just always attach the same sane set of files. I believe we should allow the reporters to decide which file to attach and which one not. We should allow it because when filling a bug manually users allowed to choose the attachments. We can/should update the default set of attached files to make ABRT Bugzilla bugs less confusing. Fedora maintainers, which files you don't want to see in Bugzilla bugs attachments? And do you miss some information (except reproducer, this information cannot be automatically retrieved :)? I got an idea of squashing all the attached files into a one big text file last month, so there would be one attachment instead of dozens. It would make the required information harder to find in the attached file but Bugzilla bugs would be more readable. What do you think about it? > Right now, we get some > bugs with only a backtrace, and some bugs with everything but the kitchen > sink, depending on the mood of the reporter.) Could you please close those bugs with INSUFFICIENT_DATA? > Then the option to make the report private can and should go away too. > Actually there are users that have the opposite opinion and that's why the private report option exists - it wasn't the ABRT team's idea: https://bugzilla.redhat.com/960549 https://bugzilla.redhat.com/1044653 I will repeat my argument again - users are allowed to do it when filling a private bug manually. Regards, Jakub ABRT _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
