[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #18 from Cor Nouws --- In bug 120269 I've proposed to work on a better warning. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 Cor Nouws changed: What|Removed |Added See Also||https://bugs.documentfounda ||tion.org/show_bug.cgi?id=12 ||0269 -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 QA Administrators changed: What|Removed |Added Status|NEEDINFO|RESOLVED Resolution|--- |INSUFFICIENTDATA -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #17 from QA Administrators --- Dear Gabor Kelemen, Please read this message in its entirety before proceeding. Your bug report is being closed as INSUFFICIENTDATA due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of our bug tracker Warm Regards, QA Team MassPing-NeedInfo-FollowUp -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #16 from QA Administrators --- Dear Bug Submitter, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #15 from Xisco Faulí --- (In reply to Thorsten Behrens (CIB) from comment #14) > (In reply to Cor Nouws from comment #13) > > (In reply to Gabor Kelemen from comment #0) > > > ... > > > I don't think this warning alone is enough. Scrubbing the sensitive data > > > would be a minimum. > > But that is not actionable I'm afraid (and also defeats the purpose of this > feature, which originally came from QA). > > I see two ways forward: > * improve what we have (extra warnings, hide the feature some more) within > the scope of this bug > * file a separate enhancement issue, that will then need UX (and other > stakeholder) input, if/how/whether this can be implemented entirely > differently > > Back to NEEDINFO. @Gabor, could you please answer Thorsten's comment above ? -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 Thorsten Behrens (CIB) changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #14 from Thorsten Behrens (CIB) --- (In reply to Cor Nouws from comment #13) > (In reply to Gabor Kelemen from comment #0) > > ... > > I don't think this warning alone is enough. Scrubbing the sensitive data > > would be a minimum. But that is not actionable I'm afraid (and also defeats the purpose of this feature, which originally came from QA). I see two ways forward: * improve what we have (extra warnings, hide the feature some more) within the scope of this bug * file a separate enhancement issue, that will then need UX (and other stakeholder) input, if/how/whether this can be implemented entirely differently Back to NEEDINFO. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 Cor Nouws changed: What|Removed |Added Status|NEEDINFO|NEW --- Comment #13 from Cor Nouws --- (In reply to Xisco Faulí from comment #11) > Dear Gabor Kelemen, > Could you please provide a better phrase for the UI and set this bug back to > NEW ? He suggests more than just a better wording: (In reply to Gabor Kelemen from comment #0) > ... > I don't think this warning alone is enough. Scrubbing the sensitive data > would be a minimum. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #12 from QA Administrators --- Dear Bug Submitter, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping-20181009 -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 Adolfo Jaymechanged: What|Removed |Added Blocks||108571 Referenced Bugs: https://bugs.documentfoundation.org/show_bug.cgi?id=108571 [Bug 108571] [META] Safe mode bugs and enhancements -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #11 from Xisco Faulí--- (In reply to Thorsten Behrens (CIB) from comment #9) > As it stands, this bug report does not seem actionable - setting to NEEDINFO > > (ideas how to scrub that is fool-proof, how to better phrase the UI warning > etc etc needed) Dear Gabor Kelemen, Could you please provide a better phrase for the UI and set this bug back to NEW ? -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 Xisco Faulíchanged: What|Removed |Added CC||xiscofa...@libreoffice.org --- Comment #10 from Xisco Faulí --- FYI: I'm deleting user profiles I'm finding in Bugzilla as attachments that might contain sensitive data. If you find any that needs to be deleted, please, let me know. I'll also add it to the QA script, so I'll be notified when registrymodifications.xcu is added as attachment in the future... -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 Thorsten Behrens (CIB)changed: What|Removed |Added Status|NEW |NEEDINFO CC||t...@libreoffice.org --- Comment #9 from Thorsten Behrens (CIB) --- As it stands, this bug report does not seem actionable - setting to NEEDINFO (ideas how to scrub that is fool-proof, how to better phrase the UI warning etc etc needed) -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #8 from Cor Nouws--- (In reply to Andras Timar from comment #5) > The problem is that users will press OK, then they will regret later. Their > data "will be publicly available and cannot be deleted" (quote from our > bugzilla's front page). > > At least, please document how to disable this feature. See comment #0 for what will be disclosed when users click OK without searching through all the lines for sensible data. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #7 from QA Administrators--- ** Please read this message in its entirety before responding ** To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #6 from Samuel Mehrbrodt (CIB)--- (In reply to Andras Timar from comment #5) > The problem is that users will press OK, then they will regret later. Their > data "will be publicly available and cannot be deleted" (quote from our > bugzilla's front page). > > At least, please document how to disable this feature. Which feature? There is no automatic upload happening. Safe mode just offers to create the zip file. Users still need to manually send/upload it somewhere. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #5 from Andras Timar--- The problem is that users will press OK, then they will regret later. Their data "will be publicly available and cannot be deleted" (quote from our bugzilla's front page). At least, please document how to disable this feature. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #4 from Cor Nouws--- (In reply to Michael Meeks from comment #3) > "This may include personal details from the settings, and also connection > details for remote servers" And the idea is that users (..) then click "OK do send this" :) ? -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 --- Comment #3 from Michael Meeks--- Does tweaking the legend do it for you ? if so how ? Would a tooltip when you mouse-over the button/label with some more text: "This may include personal details from the settings, and also connection details for remote servers" Or somesuch work ? -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode
https://bugs.documentfoundation.org/show_bug.cgi?id=104992 Samuel Mehrbrodt (CIB)changed: What|Removed |Added Summary|Unintended information |Possible information |disclosure via Safe Mode|disclosure via Safe Mode --- Comment #2 from Samuel Mehrbrodt (CIB) --- I removed the "unintended" from the title. This is by design. Maybe you have a suggestion how to improve the message? I don't see much we can/should do here. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs