GNU bug report logs - #52866
maintenance: Add a crash dump service.

Previous Next

Full log

Message #28 received at 52866-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Mathieu Othacehe <othacehe <at> gnu.org>
Cc: 52866-done <at> debbugs.gnu.org
Subject: Re: bug#52866: maintenance: Add a crash dump service.
Date: Tue, 08 Feb 2022 10:53:07 +0100

Hi,

Mathieu Othacehe <othacehe <at> gnu.org> skribis:

>> OK (I didn’t know it was already deployed!).  What if we just put the
>> uploaded file in a directory and let nginx provide a directory index and
>> all?  Anyway, given the target audience, it doesn’t have to be fancy.
>
> Heh, it was deployed for testing purposes and is now just committed. I
> also considered the nginx directory index but I feel like the current
> approach gives us more flexibility.
>
>> The message should allow for informed consent.  Thus it should explain
>> what the risks are (“Logs may contain sensitive information such as …”,
>> “Logs are eventually publicly visible, but IP addresses are not logged”,
>> etc.) and/or it should let users screen all the logs.
>
> Josselin did add the possibility to consult and edit the log files
> before creating the crash dump.
>
>> As discussed the other day on IRC, to make sure the backtrace does not
>> contain passwords, we could define a record type for “secrets”, which
>> would basically just “box” strings such as passwords.  That record
>> type’s printer would just print #<secret 0123abcd>.  See
>> <file-system-label> for an example.
>
> Also implemented by Josselin.

Well done, thank you!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.