On Mon, Oct 28, 2013 at 12:42 AM, Ori Livneh ori@wikimedia.org wrote:
I think that the proper way to handle low-level operational data like stack traces is to make it clear that it is liable to contain sensitive information, and to make no pretense at all of sanitizing it.
I don't think the idea here was to ever make the stack traces *safe*, just to redact the most obvious things to reduce the risk if someone carelessly posts a stack trace publicly.
Personally, I think the "Java model" as exemplified in https://gerrit.wikimedia.org/r/#/c/92334/ PS3 goes too far in the other direction. In this case, an option to log unredacted traces that I could enable on my local test wiki would be useful.