On Sun, 2018-12-09 at 19:45 +0000, Dmitry Bogatov wrote: > by default reportbug(1) includes content of ~/.devscripts when > reporting > bugs in devscripts. Problem is that it can contain sensitive > information (at least SALSA_TOKEN, maybe something more).
The only other setting which previously existed that could contain sensitive information is BTS_SMTP_AUTH, and the bugscript already filters that out; it can / should simply also do so for SALSA_TOKEN. Regards, Adam
