by jevinskie 4733 days ago
What a wonderful insight into the gritty world of open-source software. Scratch that, "software that is used externally" is more fitting. I find that the most offensive (in that we should improve and fix the issue) waste of time at my company is when we are treading water during the back and forth communication to a customer while trying to solve a bug. Lack of log files, reproductions, use cases, version numbers, environment details, etc. Don't forget time zone differences, introducing a very painful day's latency.

It isn't our customer's fault - some inside have championed for a product feature that creates a "bug report bundle" containing useful details that will assist the debugging developer at my company. Since the product deals with sensitive customer data, this feature has been deemed a non-starter. Does anybody know how to streamline this particular process where sensitive data is involved? It is like trying to drive blind in a woefully slow car!


We have the same problem with Bitcoin. On one hand we'd love a system that automatically collects a stack trace, memory dump, information about the environment on a crash and sends it to us (like Google Breakpad does). On the other hand it opens a whole can of worms if accidentally a private key is sent. Encryption is no solution in this case; the data still is stored somewhere which could be compromised. It's very hard to automatically collect diagnostic data without potentially collecting sensitive data...
Yep, the zindus addon has this problem. Very hard (impossible?) to do something automatic and risk free.

I'm not happy with the answer that I settled on with zindus: http://zindus.com/i/reporting-bugs because there is a lot of sensitive information in a logfile.

Even when someone gives permission and sends you a logfile, if there is sensitive data it creates a maintenance burden on your end to deal with it appropriately.

One (not very good) idea: pass the diagnostic data through some sort of anonymizer. Unappetizing because it would involve a lot of work and would need heuristics that could only be learned through trial and error.
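
An added example, not part of the original thread: a minimal log anonymizer of the kind discussed above, combining pattern rules with an entropy heuristic for secrets of unknown shape. The rule set, the 4.5 bits-per-character threshold and the sample log lines are assumptions constructed for illustration.

```python
import math
import re

B58 = "1-9A-HJ-NP-Za-km-z"  # base58 alphabet as a regex character range
# Heuristic rules (assumed for illustration); a group named "keep" is preserved.
RULES = [
    ("email", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    # WIF private keys: 51 chars starting with 5, or 52 starting with K/L.
    ("wif_key", re.compile(rf"\b(?:5[{B58}]{{50}}|[KL][{B58}]{{51}})\b")),
    ("kv_secret", re.compile(r"(?P<keep>\b(?:password|passwd|secret|token)=)\S+", re.I)),
]
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")  # candidates for the entropy check


def shannon_entropy(s):
    """Bits per character of s."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def redact_line(line, threshold=4.5):
    """Return (redacted_line, names_of_rules_that_fired)."""
    hits = []
    for name, rx in RULES:
        def repl(m, name=name):
            hits.append(name)
            keep = m.group("keep") if "keep" in m.groupdict() else ""
            return f"{keep}[REDACTED:{name}]"
        line = rx.sub(repl, line)

    def entropy_repl(m):
        # Long, random-looking tokens are treated as secrets of unknown type.
        if shannon_entropy(m.group()) >= threshold:
            hits.append("high_entropy")
            return "[REDACTED:high_entropy]"
        return m.group()
    return TOKEN.sub(entropy_repl, line), hits


# Constructed sample log lines; the key-shaped string is not a real key.
FAKE_WIF = "5" + "Hx" * 25
SAMPLE = [
    "2012-05-01 12:00:01 sync failed for user alice@example.com",
    "2012-05-01 12:00:02 login password=hunter2 retry=3",
    "2012-05-01 12:00:03 wallet dump " + FAKE_WIF,
    "2012-05-01 12:00:04 cache key q7Zp2Lx9Vb4Tn6Rk1Wd8Yc3Hs5Mf0Gj expired",
    "2012-05-01 12:00:05 loaded mozilla_thunderbird_addressbook ok",
]
if __name__ == "__main__":
    for entry in SAMPLE:
        print(*redact_line(entry))
```

The entropy threshold trades false positives against misses: at 4.5 bits per character a hex-encoded secret (at most 4 bits per character) passes through unredacted, so pattern rules for known formats remain necessary.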