Hi all, keep in mind that URL may contain a user name and a password. When an URL with password is logged to y2log the password should be hidden for security reasons (see bnc#441944). There are new functions URL::HidePassword() and URL::HidePasswordToken() for hiding the password in an URL (added in yast2-2.17.47). The first one takes an URL string as the input, the second one takes a map (as returned by URL::Parse() function). Both functions replace the password by string 'PASSWORD' so we can detect in y2log that an URL with password was used. So instead of y2milestone("Adding repository %1", url); use y2milestone("Adding repository %1", URL::HidePassword(url)); Fortunately libzypp hides the password by default so there should not be many places which logs a full URL. And of course, this won't help if Y2DEBUG is enabled. We would need a new datatype or a flag in the interpreter to fix it with Y2DEBUG enabled. -- Best Regards Ladislav Slezák Yast Developer ------------------------------------------------------------------------ SUSE LINUX, s.r.o. e-mail: lslezak@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org