Bug report with private info

Pedro Francisco pedrogfrancisco at gmail.com
Thu Aug 15 11:09:18 UTC 2013


On Mon, Aug 12, 2013 at 2:39 PM, Adam Williamson <awilliam at redhat.com> wrote:
> On Mon, 2013-08-12 at 13:03 +0100, Pedro Francisco wrote:
>> Hello!
>> I found a bug report with possible private info on it.
>>
>> What should I do?
>>
>> 1- Contact bugzilla admin to remove the attachment?
>> 2- Contact the owner of the bug and warn him of it?
>> 3- Both?
>
> Not quite sure what you mean by 'private info', but definitely do
> something - you mean it exposes the user's secrets? Definitely do #2 and
> if it's really urgent do #1 at the same time. Anyone with editbugs
> privileges can mark a comment as private which at least limits the
> number of people who could see the secret data, so you can contact
> anyone you trust who's a package maintainer or has editbugs privs
> through the old triage group or something (including me, and many others
> on this list) and ask if they can mark the attachment as private, too.


Now that the issue is taken care of, should a bug be opened to prevent
something like this from happening again? I know ABRT has a notice saying
'possible private info detected, please review', but usually it's just
the username...

