[Pkg-xfce-devel] Bug#889905: Bug#889905: xfce4-notifyd: privacy-invasive logging of notification content

Yves-Alexis Perez corsac at debian.org
Thu Feb 8 19:38:01 UTC 2018

On Thu, 2018-02-08 at 17:05 +0100, Sergio Gelato wrote:
> xfce4-notifyd has bugs (known upstream) in its handling of markup, more
> specifically of unintentional markup <like this> &this. This bug report
> is about the way it logs occurrences of such (non-)markup.

Hi, thanks for the bug report. Can you provide the upstream bug report on
this? I can't reproduce with:

notify-send '<like this> &this' on xfce4-notifyd 0.4.1-1 so maybe it's been
fixed meanwhile.
> Here is a (redacted) example of an entry I've seen in my logs due to user
> activity. I don't want, and my users almost certainly don't want me, to see
> this much detail: it's privacy-invasive. I'll filter out these messages
> but feel that they shouldn't be sent to syslog in the first place. Not in so
> much detail, and not for every notification that happens to contain an
> ampersand or a < bracket.

First, it's definitely not xfce4-notifyd sending this to syslog. More likely
it's just output to stdout/stderr and systemd forwards it to journal and the
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20180208/d586312f/attachment.sig>

More information about the Pkg-xfce-devel mailing list