[Fedora-legal-list] Privacy policy
Florian Weimer
fweimer at redhat.com
Wed Jan 14 14:18:00 UTC 2015
On 01/14/2015 02:27 PM, Marek Brysa wrote:
> Hi Matthias and Florian,
>
> I wasn't subscribed to the list so I can't reply directly to the thread.
>
> The data contained in the automatic bug report (uReport) is described here:
> https://github.com/abrt/faf/wiki/uReport
> It was designed with anonymity as a requirement and doesn't contain any user sensitive data, only a simple backtrace and some statistical info like OS version and related package versions.
> We don't save IP addresses where the reports are coming from.
The current upload process does not ensure anonymity because of all the
logging the Fedora infrastructure does. Both the dialog text and the
policy need to reflect that. (ureport uploaders are likely
pseudonymous, at least as long only paths which are part of the OS
installation are reported.)
> Reporting to Bugzilla may contain sensitive data (coredump), but is manual, for advanced users only and the user is required to do a review of the data.
Even the process environment may contain sensitive data. Only in rare
cases, it will be totally anonymous before manual scrubbing by the user.
--
Florian Weimer / Red Hat Product Security
More information about the legal
mailing list