adnanhemani commented on PR #2962: URL: https://github.com/apache/polaris/pull/2962#issuecomment-3505090010
> Let's assume we take 1 week of work per event. We have 150+ events. This effort would take almost 3 years to complete. I don't think a vast majority of events will require more than a few minutes of verification. The ones that will take a longer time can be temporarily not supported while the community works on them. Sure, it's more than a day's worth of effort to get this to work, but still worth it IMO in comparison to inadvertently introducing known security concerns. Here's what I can suggest to continue moving things forward: * A quick screening of payloads to verify there is no security concerns with the payloads being sent. If an event is flagged for potential issues, remove it from being emitted with a TODO for later fix. * A known-to-work approach (approved by the community) for how do we redact (and/or strategically omit) information that may be nested within the Events payloads, as that will be necessary for the above point. WDYT? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
