On Thu, May 29, 2014 at 4:25 AM, Nate Finch <[email protected]> wrote:

> Today I learned CI isn't running with --debug because they don't want to
> expose sensitive data in their jenv... which gets logged when you run with
> --debug.  However, it also means that we don't get all our really useful
> debug log messages when something breaks in CI.
>
> I made a fix for this (deleting the line that logs the jenv).  Please let
> me know if there's any reason we shouldn't do this.  Logging people's
> passwords/secrets is generally a big security no-no anyway, so I hope it
> won't be controversial.
>

I'm +1 on not logging secrets, but I think not logging the .jenv at all
will come back to bite us when we're debugging. It'd be better just to
sanitise the output by using the EnvironProvider.SecretAttrs method.

Also, we log the bootstrap script, and that contains the full bootstrap
config. That needs to be sanitised (or suppressed) as well.


> https://codereview.appspot.com/98580048
>
> -Nate
>
> --
> Juju-dev mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju-dev
>
>
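The sanitising approach suggested in the reply, sketched as an added example that is not part of the original thread and is not Juju's code. It assumes the secret attribute names are already known (here `secretKeys` stands in for whatever a provider reports as secret); `redactAttrs`, `scrubText` and all sample values are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

const mask = "<redacted>"

// redactAttrs returns a copy of attrs with every key in secretKeys masked,
// so the structured config can still be logged with its non-secret fields.
func redactAttrs(attrs map[string]string, secretKeys []string) map[string]string {
	out := make(map[string]string, len(attrs))
	for k, v := range attrs {
		out[k] = v
	}
	for _, k := range secretKeys {
		if _, ok := out[k]; ok {
			out[k] = mask
		}
	}
	return out
}

// scrubText masks secret values wherever they occur in free text, such as a
// rendered script that embeds the config. Longest values are replaced first
// so a secret containing another secret is masked as a whole.
func scrubText(text string, attrs map[string]string, secretKeys []string) string {
	var vals []string
	for _, k := range secretKeys {
		if v := attrs[k]; v != "" {
			vals = append(vals, v)
		}
	}
	sort.Slice(vals, func(i, j int) bool { return len(vals[i]) > len(vals[j]) })
	for _, v := range vals {
		text = strings.ReplaceAll(text, v, mask)
	}
	return text
}

func main() {
	// Constructed sample data, not taken from any real environment.
	attrs := map[string]string{"name": "ci-env", "admin-secret": "hunter2hunter2", "secret-key": "hunter2"}
	secret := []string{"admin-secret", "secret-key"}
	script := "echo 'admin-secret: hunter2hunter2' > cfg; echo 'secret-key: hunter2' >> cfg"
	fmt.Printf("debug: jenv=%v\n", redactAttrs(attrs, secret))
	fmt.Println("debug: script=" + scrubText(script, attrs, secret))
}
```

Value-based scrubbing only catches secrets that appear verbatim; a script that base64-encodes or shell-escapes the config needs the redaction applied before rendering.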