Github user steveloughran commented on the issue:
https://github.com/apache/spark/pull/17080
thanks. One thing I realised last night is that logging the session token,
even at debug level, would have been a security risk. So it's very good that
the log statement got cut, even at the cost of making it slightly harder to
track down where credentials came from.
One thing which could be added to all the setters would be the use of
`Configuration.set(key, value, origin)` and set the origin to be something like
"Env var $varname on $hostname", so the provenance does get tracked. There's
not much which is offered in terms of examining that though; hard to justify
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
