Over time I gathered more than 10 launchpad bug reports that were reported with apport, initially marked as private and never responded to.
There was one I've discussed additionally on IRC and that's the only one I can remember being processed.
What should I do with them? How can I make sure they don't contain anything really private before making those bugs public?
Best Answer
As a member of Bug Control, I've had to work with these private bugs on occasion. There is a specific policy on handling private bugs, and checking for specific information.
For crash bugs, the general thing you have to look for in the private bugs are core dumps and any stacktraces that may be on the bug. If a core dump is attached, remove it. If there's stacktraces attached, look through them and identify any possibly private data in the stack trace. If there looks to be private data, then what you have to do is download the stacktrace, edit out the private data, upload the edited version, then remove the old version.
As well, find any other Personally Identifiable Information, or private information, such as social security numbers, account numbers, passwords, etc., and try and edit those out as well.
For other private bugs, it depends, since there are separate policies for private security bugs which I am not privy to as those are handled by the Security team, and it likely would only be "Private Security" marked if the bug was legitimately a security risk that they could not publicize the information for.
There can also be private bugs that are not against the Ubuntu packages but are against other projects on Launchpad (i.e. not the Ubuntu project or an Ubuntu package). For those bugs, the managers of that project will be setting forth the policies for those bugs.
Additional information on how to triage Apport crash reports and other private bugs in Ubuntu can be found on the Ubuntu Wiki, in the How to Triage guide, as part of the Bug Squad's knowledge base. The link will automatically point you to the "Apport reports" section, however for the most up to date information on triage guidelines you should refer to that wiki document.