[plt-scheme] planet: help submitting bugs & a question
On Tue, Sep 2, 2008 at 8:12 AM, Carl Eastlund <cce at ccs.neu.edu> wrote:
> On Tue, Sep 2, 2008 at 8:53 AM, Robby Findler <robby at cs.uchicago.edu> wrote:
>>
>> Drscheme could also log these contract violations, anonymize them[*]
>> and periodically submit them as tickets to trac by itself. Is that
>> something that people would appreciate? Or would such an automatic
>> submission be a privacy problem (or some other kind of problem)?
>>
>> Thanks,
>> Robby
>>
>> [*] it could remove any values that triggered the error from them
>> error message so that functions that, say, accept credit card numbers
>> as their arguments wouldn't trigger credit card information being sent
>> in the bug report.
>
> It would be hard to remove the values that triggered the error without
> cutting off most of the useful error message information... for
> instance, if your password checking function had the contract:
> (-> (matching-password/c your-code) your-sensitive-data/c),
> just the name of the input contract might be formatted with your-code
> in it. The contract itself would have to be taken out, leaving not
> much information.
I wouldn't anonymize that part, no. I also wouldn't anonymize the
stacktrace, so if you named a function with your credit card
information, you'd also be in trouble.
> Also, would development links and fileinjected local packages, never
> intended for distribution, be properly left out of this mechanism?
Yes (altho the new bug link currently sends you to the tract ticket
submission page, even for development links, I believe).
Robby