Giter VIP home page Giter VIP logo

Comments (1)

nsreed avatar nsreed commented on May 23, 2024

Excellent points.

I think I can create github issue templates to make this process a little bit easier. As for the specifics of the contents of the bug report (peers, and pubkeys), I'll have to mull this over. Looking for the community's thoughts on the following:

I don't have an expert understanding of what compromising data may be contained in the "peers" key (which is a key/value pair of the gun.root.opt.peers variable). While I haven't seen any identifiable data (WAN IP addresses or the like) in my local tests of this feature, this concern is still probably valid. If I included a checkbox to include/exclude that section from the bug report, would that be adequate (I can default to exclude it)?

Public keys are another issue. I understand not wanting to directly associate your public key to your github account. But I have limited options for dumping data that may be necessary to debug gun-specific problems. I'm open to suggestions about how to submit this data, if and when it becomes necessary for diagnosing problems. Off the top of my head, replacing instances of pubkeys with placeholder text may be an option, though a diligent stalker with enough time and resources could match the content of these records to your public key. I could limit the contents to something like metadata (just the update times for each field in the graph). I could also strongly recommend that users attempt to reproduce the bug using a new account. As with the peers key, would it suffice to make it optional to bundle this data with the bug report?

At the very least I need log messages, which for the time being, contain paths to specific nodes which may be problematic. This may also leak possibly sensitive information. I'm blanking on a way to gather useful data about the state of the database where someone may say "Item X didn't show up on my (User Q's) machine when User Y added it on their machine". De-identification of these data poses an interesting challenge.

In the mean time, and until these specific issues are addressed, I will add warnings about the disclosure of potentially personally identifiable information in the contents of the bug report JSON. I should also include clarification about how to submit these files, if not publicly as a github issue, then to me personally.

from ouronote.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.