[Reportbug-maint] Bug#576828: reportbug should warn reporter on about to be sent text including passwords

Arthur Marsh arthur.marsh at internode.on.net
Wed Apr 7 15:01:00 UTC 2010 

Package: reportbug
Version: 4.11
Severity: wishlist


Hi, it would be a good idea for reportbug to warn of or by default
strip passwords from report messages including attached files (e.g.
text on the same line as a case insensitive match on password) as
Google indexes Debian bug reports very quickly and it would be 
trivial to use Google to harvest passwords inadvertently included
in a bug report.

-- Package-specific info:
** Environment settings:
INTERFACE="text"

** /home/amarsh04/.reportbugrc:
reportbug_version "3.5"
mode standard
ui text
realname "Arthur Marsh"
email "arthur.marsh at internode.on.net"

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages reportbug depends on:
ii  apt                           0.7.25.3   Advanced front-end for dpkg
ii  python                        2.5.4-9    An interactive high-level object-o
ii  python-reportbug              4.11       Python modules for interacting wit

reportbug recommends no packages.

Versions of packages reportbug suggests:
ii  debconf-utils        1.5.30              debconf utilities
pn  debsums              <none>              (no description available)
pn  dlocate              <none>              (no description available)
ii  emacs22-bin-common   22.3+1-1.2          The GNU Emacs editor's shared, arc
ii  exim4                4.71-4              metapackage to ease Exim MTA (v4) 
ii  exim4-daemon-light [ 4.71-4              lightweight Exim MTA (v4) daemon
ii  file                 5.04-2              Determines file type using "magic"
ii  gnupg                1.4.10-3            GNU privacy guard - a free PGP rep
ii  python-gtk2          2.16.0-2            Python bindings for the GTK+ widge
pn  python-gtkspell      <none>              (no description available)
pn  python-urwid         <none>              (no description available)
ii  python-vte           1:0.24.0-1          Python bindings for the VTE widget
ii  xdg-utils            1.0.2+cvs20100307-1 desktop integration utilities from

-- debconf-show failed

More information about the Reportbug-maint mailing list