sbp commented on issue #245: URL: https://github.com/apache/tooling-trusted-releases/issues/245#issuecomment-3488474823
We also need to review which options really belong in there. The LDAP password is clearly a secret, but the DN is a bit of a grey area. I don't think it's public, but it's also not a disaster if it's leaked, unlike the password. We don't necessarily want our internal service accounts to be made public. It may appear that the logging public key is obviously public, but I was using it for secure communication to myself and so again, like a service account, it's not actually something that is public. The PubSub URL is convenient to group with the others even if it's not a secret, but we should probably draw a line somewhere. We should make a reasonable policy that helps us to decide what is a secret and what is not, and adhere to it.
