Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Error reporter and third-party code


let me send this at the beginning: this discussion is greatly appreciated - although my personal answer might not be satisfying yet…

Library projects like Sapphire or Nebula are somewhat special because they are (more or less) exclusively used by third-party plugins. Hence they do not benefit that much from the privacy defaults.

First question… Why are third-party stack frames hidden? 

Although your questions may give a different impression, I assume that you and everyone else understands why classnames from non-eclipse/non-apache bundles are replaced by HIDDEN.HIDDEN by default.

No matter if one does or not, one may ask the following questions (again) and judge differently now (after ten thousands of users reported ~170K errors in the last 30 days): 

(i) whether a class name in a stacktrace should be considered as "potentially private information“, and
(ii) whether it should be anonymized by default.

When we (Eclipse Foundation staff and me) discussed the legal implications of the error reporting we came to the conclusion that a class name may reveal sensitive information and thus should be anonymized by default.

Are the notes from when this was originally considered captured somewhere?

The discussion about what to anonymize and how took place on August 2014. First with the Eclipse Foundation Staff in a couple of conference calls and then published and summarized in several mails to cross-projects-issues-dev@xxxxxxxxxxx. I strongly conclude that if someone would have cared at that time, they would have had the chance to participate from the very first moment. Let me know if you need me to pull up all emails and slides I sent to cross-projects regarding the error reporting at that time. I’m pretty sure the whole process was quite transparent at any time and visible to everyone starting from M1 to RC4 :-)

I have contact info for many Sapphire adopters. If I knew who to contact, I could actually follow up on these error reports.

IMHO this is more a legal question then a technical one. It all depends how lawyers (and users) judge on the two questions above.
I can imagine that - if member companies agree to collect their error reports at OR to opt-in to disable anonymization for their bundles and namespaces - we can reduce the number of HIDDEN in your error reports. But as I said, this would need the support of the Eclipse foundation and like of the member companies.

I assume you understand that user may find stacktraces to contain potentially sensitive data (if not - let’s assume it hypothetically), which options would you propose?


Back to the top