On Mon, Oct 28, 2013 at 12:42 AM, Ori Livneh <[email protected]> wrote: > I think that the proper way to handle low-level operational data like > stack traces is to make it clear that it is liable to contain > sensitive information, and to make no pretense at all of sanitizing > it.
I don't think the idea here was to ever make the stack traces *safe*, just to redact the most obvious things to reduce the risk if someone carelessly posts a stack trace publicly. Personally, I think the "Java model" as exemplified in https://gerrit.wikimedia.org/r/#/c/92334/ PS3 goes too far in the other direction. In this case, an option to log unredacted traces that I could enable on my local test wiki would be useful. -- Brad Jorsch (Anomie) Software Engineer Wikimedia Foundation _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
