Amit Jain created SLING-10227: --------------------------------- Summary: Improvement in distribution logging to log id generated for binary reference and not log reference Key: SLING-10227 URL: https://issues.apache.org/jira/browse/SLING-10227 Project: Sling Issue Type: Improvement Components: Content Distribution Reporter: Amit Jain
PackageDistribution also logs the binary reference which might log implementation details leaking out some secrets. Proposed [change|https://github.com/apache/sling-org-apache-sling-distribution-journal/compare/master...amit-jain:master] which is now upstaged with recent [changes|https://github.com/apache/sling-org-apache-sling-distribution-journal/blame/479dcb4f9784a152ebcc3a37fa6e172544754911/src/main/java/org/apache/sling/distribution/journal/impl/publisher/DistributionPublisher.java#L281-L282]. [~tmaret] What's the way forward, I think we should only log certain elements and not all the package contents which besides the security issues can be quite heavy -- This message was sent by Atlassian Jira (v8.3.4#803005)