Someone fixed the security issue with --debug?
Curtis Hovey-Canonical
curtis at canonical.com
Fri Nov 7 19:16:12 UTC 2014
I am comparing the use of streams during the bootstrap of 1.20 and
1.21. I noticed that 1.21 no longer dumps the content of the
cloud-init script, which has user credentials and machine keys,
implicitly fixing this bug
--debug dumps sensitive information to terminal
https://bugs.launchpad.net/juju-core/+bug/1289038
If we can guarantee that --debug will never dump the content of the
script, agent config, and jenv files, we can mark this bug fixed. Juju
CI and also enable --debug for better logs too.
--
Curtis Hovey
Canonical Cloud Development and Operations
http://launchpad.net/~sinzui
More information about the Juju-dev
mailing list