adnanhemani commented on PR #2962: URL: https://github.com/apache/polaris/pull/2962#issuecomment-3524852666
Hi @vchag - I believe this mailing list thread is particularly relevant to how we want to move forward in the medium- to long-term: https://lists.apache.org/thread/xonxwf9b38t9cxo841r0hn1b34plf7og. I'm still formulating my opinion on this and may require a few days to craft a response (sorry, am very busy the last few days!)

For the short-term, I think we may be at a standstill, unfortunately. I'm still not comfortable with merging this unless the points I listed in my last comment are addressed:

> * A quick screening of payloads to verify there is no security concerns with the payloads being sent. If an event is flagged for potential issues, remove it from being emitted with a TODO for later fix.
> * A known-to-work approach (approved by the community) for how do we redact (and/or strategically omit) information that may be nested within the Events payloads, as that will be necessary for the above point.

I understand it may take some time to review each payload. I know I am making this more difficult on a principled stance, so what I am willing to help with is to help review some of the payloads alongside you, if you are willing to coordinate it (feel free to reach out on the Polaris slack, if that's faster for you :)

Apologies for the state we are in, I do definitely empathize with you (I have been in your exact position) - but unfortunately I, personally, cannot overlook the security concerns here.
