[Reportbug-maint] Bug#576828: Bug#576828: reportbug should warn reporter on about to be sent text including passwords

Sandro Tosi morph at debian.org
Wed Apr 7 16:15:11 UTC 2010


Hello Arthur,
thanks for your report.

On Wed, Apr 7, 2010 at 17:01, Arthur Marsh
<arthur.marsh at internode.on.net> wrote:
> Hi, it would be a good idea for reportbug to warn of or by default
> strip passwords from report messages including attached files (e.g.
> text on the same line as a case insensitive match on password) as
> Google indexes Debian bug reports very quickly and it would be
> trivial to use Google to harvest passwords inadvertently included
> in a bug report.

Are you referring to reportbug itself, when it includes the
~/.reportbugrc file and the password there contained? or are you
referring to a general case, where a user insert username/password
into the bug report? or (last option :) are you referring to other
packages that includes their configuration files into the bug report?

Regards,
-- 
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi





More information about the Reportbug-maint mailing list