
[Devel] Privacy, Trust and Piles of Tracebacks

Jack Grigg me at jackgrigg.com
Thu Apr 7 00:09:24 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey all,

I've been hacking away at little bits of OpenHatch's Roundup tracker
for a while now, such as implementing the milestone feature. While
doing so, I invariably break things about a page, and when this
happens Roundup, rather than logging to a local error log, decides to
email the traceback information to an admin email - currently an
@openhatch.org email. Having access to these tracebacks is invaluable
in terms of the speed and ease with which I can implement changes to
the tracker. The issue is that each traceback also contains the
Roundup session ID of the user for whom the report was generated,
which could potentially be used maliciously.

Now, I personally believe I can trust myself not to use these IDs for
harmful purposes (I don't even know HOW to use them for harmful
purposes ^_^ ) but the point is that other people, namely users, need
to be able to do so as well. This also relates to another recent topic
of discussion about opening up aspects of the production server to
more people (aka: remove the Asheesh bottleneck =P ). Already we have
additional people with access to several parts of the ecostructure
Roundup backend (as I have been exploiting to great milestone effect),
the wiki, the Nagios monitoring system, and the LiSH recovery
terminal. And the more people we let in, the easier it is to keep
things running smoothly and develop them further - and the greater the
chance of abuse, or exposure of private data (though aside from
OpenIDs, passwords and some locations, I'm not sure how much personal
data we keep).

I'm not trying to be accusatory, or promote an iron-clad militaristic
approach to handling things ("No Asheesh, you will NOT sleep, you need
to watch the server in case a butterfly flaps its wings in Japan!").
Nor am I saying that everything should be open to all. I'm just very
curious as to the best way to manage things like this, and how to give
assurances to users that those people who do have access to sensitive
information are only there because they are helping improve OpenHatch,
and only using that data if it's actually necessary. For example,
where should the Roundup tracebacks be sent? Should the Monitoring
mailing list be a private list for trusted developers? The floor is
yours for ideas!

(On another note, because this is an email about privacy, it's given
me an excuse to finally get around to setting up OpenPGP on my mail
client. Digital signing FTW!)

Cheers,
Jack
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----
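One defender-side mitigation for the problem raised above, as an added example that is not OpenHatch's or Roundup's own code: a Python logging filter that scrubs session identifiers out of an error report before the handler that would e-mail it renders the traceback. The cookie/session patterns, the `HTTP_COOKIE` line and the sample values are constructed assumptions, and a StreamHandler stands in for an SMTPHandler.

```python
import io
import logging
import re

# Patterns are assumptions for this example, not taken from Roundup's own code:
# any "<name containing 'session'>=<value>" pair, and the whole value of a Cookie line.
_SESSION_KV = re.compile(r"(?i)(\b\w*session\w*\s*[=:]\s*['\"]?)([A-Za-z0-9_\-]+)")
_COOKIE_HEADER = re.compile(r"(?im)^((?:http_)?cookie\s*[=:]\s*).*$")


def redact(text: str) -> str:
    """Replace session identifiers and raw Cookie values with a fixed marker."""
    text = _COOKIE_HEADER.sub(r"\1[REDACTED]", text)
    return _SESSION_KV.sub(r"\1[REDACTED]", text)


class RedactSessionFilter(logging.Filter):
    """Scrub a log record (message and traceback) before any handler renders it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message now so the redacted text is what the handler formats.
        record.msg = redact(record.getMessage())
        record.args = ()
        if record.exc_info:
            tb = logging.Formatter().formatException(record.exc_info)
            record.exc_text = redact(tb)
            record.exc_info = None  # stop the formatter re-rendering the raw traceback
        return True


def render_report(message: str) -> str:
    """Send one error report through a filtered handler and return the rendered text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)  # stand-in for the SMTPHandler that mails admins
    handler.addFilter(RedactSessionFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log = logging.Logger("tracker")  # standalone logger, not the shared registry
    log.addHandler(handler)
    try:
        raise KeyError("milestone")  # stand-in for a bug in a tracker page
    except KeyError:
        log.error(message, exc_info=True)
    return stream.getvalue()


if __name__ == "__main__":
    # Constructed request context, as a traceback mail might dump it.
    print(render_report("Page failed\nHTTP_COOKIE=lang=en; roundup_session_tracker=abc123DEF456xyz"))
```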

