Many projects ask to share lots of logs when reporting issues. It’s difficult to go through all the logs and redact informarion such as usernames, environment variabled etc.

Any ideas on how to anonymize logs before sharing? Change your username to something generic?

  • derek@infosec.pub
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    This is admittedly a bit pedantic but it’s not that the risk doesn’t exist (there may be quite a lot to gain from having your info). It’s because the risk is quite low and the benefit is worth the favorable gamble. Not dissimilar to discussing deeply personal health details with medical professionals. Help begins with trust.

    There’s an implicit trust (and often an explicit and enforceable legal agreement in professional contexts (trust, but verify)) between sys admins and troubleshooters. Good admins want quiet happy systems and good devs want to squash bugs. If the dev also dons a black hat occasionally they’d be idiotic to shit where they eat. Not many idiots are part of teams that build things lots of people use.

    edit: ope replied to the wrong comment