Can a KDE Bugzilla ticket be marked as "private"?

I managed to crash Okular whilst modifying a document of OFFICIAL SENSITIVE PERSONAL classification from UKSV. In such an instance as this, all the security that’s necessary is to have it marked as private, as a precaution, when reported (it’s not like it was export restricted, else I’d be forced to just not report it!)

However, unlike at Mozilla ^[1] and Red Hat’s ^[2] instances:

1. You are not authorized to access this bug. To see this bug, you must first log in to an account with the appropriate permissions.

2. This bug is in the ‘Confidential’ Data Category and access to this data must be restricted as per the Data Reuse Policy.

…I don’t see an option to do so at KDE’s:

1. 

   Screenshot1279×719 42.2 KB

2. 

   Screenshot 2025-06-02 at 16-26-12 Enter Bug kde1024×1324 81.2 KB

1. bugzilla.mozilla.org/show_bug.cgi?id=1961606#private-bug-banner ↩︎

2. bugzilla.redhat.com/show_bug.cgi?id=2369810 ↩︎

Oh well. GNOME Abrt didn’t manage to privatise it despite me selecting the option, and from a cursory glance, there’s nothing important there:

Consequently, I’ll just report it, and NEEDINFO the triage assignee. I’m probably being unduly cautious. However, I want to know what the process is for the future.

I don’t think you are unduly cautious, however I am not sure this access level does even exist in KDE Bugzilla context.

If a comment or attachment is only visible to you it is pretty much useless for anyone else.

If the information is restricted to people with an account it is still pretty much public.

Companies could potentially make a distinction between employees and external users but that is not really something that a community like KDE can replicated in a meaningful way.

@krake, what you describe already applies to Sentry, however.

Is that a publicly accessible service?

@krake, I’ll consider that rhetorical. (In retrospect, merely linking to sentry IDs in BZ definitely doesn’t count as a mixed-access platform.) However, could whether an account is able to access Sentry not act as the distinction? EDITBUGS isn’t sufficient on Mozilla’s instance: theirs is permissions granted by the SSO portal.

I don’t know anything about BugZilla, maybe that is something you already have to take into account during setup?

If not that might be a possible option.
Something like Sentry just didn’t exist before.

I think the only channels with restrictions are the security issue reporting address and the community working group contact

Thanks. I’ll try filing a ticket about it, since I imagine the security issue reporting address would be better served by Bugzilla regardless. Alternatively, GitLab should provide this, but Dr. Konqi isn’t configurable in that manner (yet).

I read this quickly but I believe what you want to do is fill in the Crash Handler dialog and click the Preview Report button to see all the information that will be sent. Then you can confirm no sensitive information is contained in it before sending it.

Bugzilla comments (and the bug description field which is technically just comment #0) can be marked as private but only by an Admin. So you would need to find an Admin (SysAdmin Matrix Channel is a good place) and report the bug when an Admin is around and have them make the comment(s) private.

@Justin, I dare say that if I could read stack traces, I’d make more actionable reports… Not quite at that level yet.

If #kde-sysadmin:kde.org is the correct place, I’ve asked there. Thanks.

Yes that is the correct place.

As for stack traces I’m 99% sure they don’t ever contain user data, only information about the libraries in use and functions within them.

Posted bugs.kde.org/show_bug.cgi?id=505177 about this.

That seems like an obstacle to reporting a bug, still, and burdensome on Admins as well as bug reporters.
I’ve also come across bugs where the files involved are confidential to a client: if not the whole bug report, it would be helpful if attachments could be marked as confidential.
Thanks and regards