Package: debian-el Version: 35.12 Severity: grave My bug report via "M-x debian-bug" include authentication info:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808378 because I edit package supplied file /etc/tomcat8/tomcat-users.xml. That come from (defun debian-bug-compose-report ... (debian-bug-prefill-report package severity) ;; <=== HERE `debian-bug-prefill-report' function call external program: $ reportbug --template -T none -s none -S normal -b --list-cc=none --no-bug-script -q tomcat8 In interactive mode reportbug ask you for reviewing any modified files explicitly. "M-x debian-bug" shown files content also but I see usual text like at top: -- System Information: and didn't mind to scroll to part hidden bellow: -- Configuration Files: I would like to see basic handler that looks for reasonable selected keywords: user, password, passwd, pass, 123456, host, port <== any other welcome! and warn user that there are possible authentication data leak! I think that this help bite 90% of authentication info data leaks. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (200, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages debian-el depends on: ii bzip2 1.0.6-8 ii dpkg 1.18.3 ii emacs 46.1 ii emacs23 [emacsen] 23.4+1-4.1+b1 ii emacs24 [emacsen] 24.5+1-3 ii file 1:5.25-2 ii install-info 6.0.0.dfsg.1-3 ii reportbug 6.6.5 Versions of packages debian-el recommends: ii dlocate 1.02+nmu3 ii groff-base 1.22.3-1 ii wget 1.16.3-3 Versions of packages debian-el suggests: pn gnus <none> -- no debconf information -- Best regards!
