On 2020-02-10 11:57, Josef Reidinger wrote:
> Well, the issue is that we log values for our UI terms (not in libyui, but when we construct values). So if you have e.g. a password for your ftp server (let's say ftp://user:password@myftp.com) and you open a dialog that allows editing this source, e.g. the packager if you use it for your repos, then you see in the logs something like:

Then the bug is that those terms are logged. Since that logging is only ever useful when somebody is debugging the very low-level functions deep down, this should be ifdef'ed out by default. It's not as if any of us would EVER make use of that level of logging.

If you want to see the widget tree, you can simply use UI.DumpWidgetTree() which does not leak any details that may be confidential like passwords; or use the YDialogSpy (Ctrl-Shift-Alt-Y).

But we really shouldn't make life harder for us and for our users by potentially leaking confidential information and then trying to disguise that problem by y2log tarball permissions and disclaimers and whatnot.

We need the y2logs for debugging and bug fixing. We need our users to be able to trust us with that. So we need to take the utmost care to NOT leak any confidential information. So please let's get rid of such logging leaks.

The same is true, of course, for places where we dump complete data structures to the log that may also contain passwords. We may need special log functions in some places to replace such information with something neutral like "<password not logged>"; this is also important to build trust with our users.

Kind regards
--
Stefan Hundhammer <shundhammer@suse.de>
YaST Developer

SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton; HRB 21284 (AG Nürnberg)
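
The "special log functions" idea from the message above, sketched as an added example that is not part of the original e-mail and is not YaST code. The module name `LogSanitizer`, its method names and the key pattern are hypothetical; only the placeholder text and the sample FTP URL come from the thread.

```ruby
# Added example: scrub passwords from values before they reach the log.
# All names here are hypothetical, not part of YaST's logging API.
module LogSanitizer
  PLACEHOLDER = "<password not logged>".freeze
  # Hash keys whose values are never written to the log (assumed naming).
  SECRET_KEY = /pass(word|wd|phrase)?\z/i
  # scheme://user:password@host, capturing everything before the password.
  # The greedy password part stops at the last "@" before "/" or whitespace,
  # so a password that itself contains "@" is still removed completely.
  URL_USERINFO = %r{(\b[a-z][a-z0-9+.\-]*://[^\s/:@]*):[^\s/]*@}i

  module_function

  # Replace the password part of any URL embedded in a string.
  def scrub_string(text)
    text.gsub(URL_USERINFO) { "#{Regexp.last_match(1)}:#{PLACEHOLDER}@" }
  end

  # Return a deep copy of value that is safe to log; the input is untouched.
  def sanitize(value)
    case value
    when Hash
      value.each_with_object({}) do |(key, val), out|
        out[key] = key.to_s.match?(SECRET_KEY) ? PLACEHOLDER : sanitize(val)
      end
    when Array  then value.map { |item| sanitize(item) }
    when String then scrub_string(value)
    else value
    end
  end

  # Build the log text from the sanitized copy only.
  def log_line(label, value)
    "#{label}: #{sanitize(value).inspect}"
  end
end

# Constructed sample data resembling a repository edit dialog's values.
sample = { "url" => "ftp://user:password@myftp.com", :password => "hunter2" }
puts LogSanitizer.log_line("repo dialog", sample)
```

Matching on key names and URL syntax only covers secrets that are labelled or embedded in a URL; a password held in an unlabelled string field still has to be kept out of the log at the call site.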