Privacy issue: Issue template is to "chatty"

[ho1ger]

I like to use issuetemplate because it helps providing important info to the developers. I am totally happy to share what apps I use, what device the instance is running on, etc. But I am not happy to share info that would allow others to identify my server, the url(s) it listens to, etc. In my opinion the following fields should be considered as SENSITIVE VALUE and REMOVED. I even doubt that this info is important for people debugging an issue...

• hostname (found in Operating system field)
• mail_domain
• datadirectory
• overwrite.cli.url
• instanceid (?)

Edit:
Probably a good starter issue. I've added some implementation hints here: #27 (comment)

[enoch85]

I'd like to add

• dbname
• trusted_proxies

Can we get attention on this @juliushaertl ?

Btw, thanks for the last update, it feels like 1.0. ;)

[e-alfred]

mail_from_address should be private too.

[Fiech]

I would also include:

• trusted_domains
• mail_smtphost
• and maybe even redis.host (or at least "localhost" or "external address")

in this list of unnecessarily extensive default information.

[enoch85]

@juliushaertl Any idea when this could be implemented?

I would do it if I knew how.

[juliusknorr]

@enoch85 Cannot make any estimations. I currently have a lot of other stuff todo.

If you want to dig into, it should be fairly easy. We need a list of the configuration keys that should be filtered and just work though the existing configuration items and remove them when they are in the list: https://github.com/nextcloud/issuetemplate/blob/master/lib/Settings/Admin.php#L248-L263

[enoch85]

@juliushaertl I feel you, same for me. Can't give much time to Nextcloud I'm afraid. :(

Keep it up!

[Fiech]

I could give it a shot on the weekend and make a pull request. Is this if-true-condition something left in there for testing purposes?

I've also noticed, that there would be the possibility to adjust the $sensitiveValues-Member in the SystemConfig-class, we maybe could adjust. Or you think this would be too intrusive?

[juliusknorr]

@Fiech That would be great. It would indeed make sense to create a PR against the server repo to have the sensitiveValues list updated there.