On Mon, Aug 12, 2013 at 2:39 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote: > On Mon, 2013-08-12 at 13:03 +0100, Pedro Francisco wrote: >> Hello! >> I found a bug report with possible private info on it. >> >> What should I do? >> >> 1- Contact bugzilla admin to remove the attachment? >> 2- Contact the owner of the bug and warn him of it? >> 3- Both? > > Not quite sure what you mean by 'private info', but definitely do > something - you mean it exposes the user's secrets? Definitely do #2 and > if it's really urgent do #1 at the same time. Anyone with editbugs > privileges can mark a comment as private which at least limits the > number of people who could see the secret data, so you can contact > anyone you trust who's a package maintainer or has editbugs privs > through the old triage group or something (including me, and many others > on this list) and ask if they can mark the attachment as private, too. Now that the issue is taken care of, should a bug be open to prevent something like this to happen again? I know ABRT has a notice saying 'possible private info detected, please review', but usually it's just the username... -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
