launchpad-reviewers team mailing list archive

[Colin Watson <mp+416150@xxxxxxxxxxxxxxxxxx>]

Colin Watson has proposed merging ~cjwatson/lp-signing:reduce-pii into lp-signing:master.

Commit message:
Avoid logging key descriptions

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/lp-signing/+git/lp-signing/+merge/416150

Key descriptions often include PPA key names, which include personally-identifying information (display names of users).  We don't really need to log those here - we can correlate request timestamps and (at least in successful cases) generated/injected fingerprints with other logs if we need to figure out which PPAs we're generating/injecting keys for - so it's good practice to avoid logging this PII so that we can retain logs for longer periods with clear consciences.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/lp-signing:reduce-pii into lp-signing:master.

diff --git a/lp_signing/model/key.py b/lp_signing/model/key.py
index a7e627a..39c902b 100644
--- a/lp_signing/model/key.py
+++ b/lp_signing/model/key.py
@@ -518,7 +518,7 @@ class Key(Storm):
         """
         common_name = cls._generateKeyCommonName(description, str(key_type))
         with _temporary_path() as tmp:
-            _log.info("Generating %s key for %s", key_type, description)
+            _log.info("Generating %s key", key_type)
             try:
                 if key_type in (KeyType.UEFI, KeyType.FIT):
                     private_key, public_key = cls._generateKeyCertPair(
@@ -579,7 +579,7 @@ class Key(Storm):
             the Signing Service (`datetime`).
         :return: The injected `Key`.
         """
-        _log.info("Injecting %s key for %s", key_type, description)
+        _log.info("Injecting %s key", key_type)
         if key_type in (
                 KeyType.UEFI, KeyType.KMOD, KeyType.OPAL, KeyType.SIPL,
                 KeyType.FIT, KeyType.ANDROID_KERNEL):