Is there any specific guidance for what's appropriate or not appropriate for my tool
to be logging?
I'm using OAUTH, so my tool knows the identity of the user. I assume I don't want
to be logging that. Or, is it OK, as long as the logs stay within toolforge?
For debugging purposes, I'd like to log some kind of unique session and/or request id,
which I'd expose to the user via the tool's U/I and ask that they report those as
part of any bug reports. Are there any issues with that?