Skip to content

Define a "redactable" trait, and use it when logging guard info

Nick Mathewson requested to merge nickm/arti:redacted into main

This provides a better solution for #627 (closed), and may be the basis of #556 (closed).

Concernts:

  • I'm not sure I like how it looks next to our our sensitive APIs.
  • It does tend to require a bunch of intermediary implementations, whereas sensitive doesn't.
  • I still have the concerns from #627 (closed) that logging 2 bytes per guard may be too much under some circumstances.
  • I'm not sure that the debug variant is necessary; maybe calling Debug on a Redacted should just call Display and wrap the result as an escaped string.

Assigning review to @Diziet based on earlier comments on #627 (closed), but I wouldn't mind feedback from eta too about design here.

Merge request reports

Loading