Should I include logs that contain "sensitive information"?
Solution 1:
The software uses several data sources for a bug report. One such source is your user environment. This is the content of the file /proc/PID/env
where PID
is the process ID of a specific process. In the case of a networking program this might reveal to which servers you are connected. Some software allows it to enter a password as commandline option.
Also a hostname can be sensitive. Just assume you are working inside a company. The fact itself that you're working there, could be revealed through a hostname and might be sensitive.
So in many cases a hostname will not sensitive per se, but with additional information it can easily get sensitive or sometimes dangerous.
The error message is just a reminder for you to reflect if your hostname or other information are worth being protected. If no, all is OK. If yes, you should modify the report.
Solution 2:
General recommendation:
- If you know what are you doing and that compromising your logs is not a threat to you, you can include logs to the error.
- Or if you feel pretty safe, as security is not your business and your Linux is test or similar installation, you can include them.
- From display manager there should not be anything about your networking, so I think it is pretty safe to include logs. Maximum threat is, that community will see what types of monitors you use - but I cannot guarantee that.
- If this is not the matter, (so you don't know what you are doing, you work in "secured" environment, etc. ) it is better NOT to include the information. Remember, that these logs are accessible to the ubuntu community so almost everybody can read it / or you have no control who is reading. But in general, this cannot harm your computer.
Finally, it is up to you.