Heiko

During our work towards openpgp-card v0.5 (fosstodon.org/@hko/11252048626), we wondered how to deal with secrets in log files.

It's often good if secrets are redacted in logs: This avoids accidental publication of a user PIN (or decrypted payload) in bug reports.
On the other hand, it can be useful for a developer to have full and verbatim logs (including secrets) for debugging.

We started work on this, but would like to hear from you. What should we do?

#smartcard #logging #OpenPGP #debug #RustLang

33 people · May 31, 2024, 20:20
1+
applejack
Follow

@hko I would not want secrets being logged unless I VERY EXPLICITLY tell it to. Should not be a side effect of changing logging level from debug to trace

· · Web · 0 · 0 · 1
Sign in to participate in the conversation
Game Liberty Mastodon

Mainly gaming/nerd instance for people who value free speech. Everyone is welcome.

Trending now

Resources

Developers

What is Mastodon?

gameliberty.club

More…

v3.5.19 · Privacy policy