Should I include logs that contain "sensitive information"?

Solution 1:

The software uses several data sources for a bug report. One such source is your user environment. This is the content of the file /proc/PID/env where PID is the process ID of a specific process. In the case of a networking program this might reveal to which servers you are connected. Some software allows it to enter a password as commandline option.

Also a hostname can be sensitive. Just assume you are working inside a company. The fact itself that you're working there, could be revealed through a hostname and might be sensitive.

So in many cases a hostname will not sensitive per se, but with additional information it can easily get sensitive or sometimes dangerous.

The error message is just a reminder for you to reflect if your hostname or other information are worth being protected. If no, all is OK. If yes, you should modify the report.

Solution 2:

General recommendation:

• If you know what are you doing and that compromising your logs is not a threat to you, you can include logs to the error.
• Or if you feel pretty safe, as security is not your business and your Linux is test or similar installation, you can include them.
• From display manager there should not be anything about your networking, so I think it is pretty safe to include logs. Maximum threat is, that community will see what types of monitors you use - but I cannot guarantee that.
• If this is not the matter, (so you don't know what you are doing, you work in "secured" environment, etc. ) it is better NOT to include the information. Remember, that these logs are accessible to the ubuntu community so almost everybody can read it / or you have no control who is reading. But in general, this cannot harm your computer.

Finally, it is up to you.