Comments (5)
@tschmidtb51 Do you think that logging is too verbose?
Access to the web-interface and the api is expected only from people who want to upload documents and my thinking is that I would like to log who used these interfaces for an audit trail.
(Another use is analyzing failed login attempts, to see which issuer string was registered precisely.)
from csaf_distribution.
I guess, my main point here is, that this should not be logged as a "error" when it is in fact not an error...
I like logging of fail attempts as errors. No disagreement on that part.
But successful attempts shouldn't be logged as errors (that is confusing). Moreover, that might be a privacy issue 🤔
from csaf_distribution.
I first thought that way too: error
and SUCCESS
both in one line ... but then I noticed the continuation and the fact that the tool reads something not mapping to "nil" in golang on std error - so maybe that is not easily "fixable"
from csaf_distribution.
that this should not be logged as a "error"
Technically this comes from how fcgiwrap does it logging. We could do extra logging, but the question is if the extra complexity is worth it.
Moreover, that might be a privacy issue.
An audit trail maybe required for operating the service. But yes, deletion of logfiles and potential written agreements would be a topic for operating the service, so I'd guess it is out of scope for the software development. The emitted log information could be thrown away on the operation side. Usually it is a good idea to let the operators decide on what they need and how they want to solve this.
from csaf_distribution.
Let's discuss that in our next status meeting.
from csaf_distribution.
Related Issues (20)
- Licensing of generated files HOT 3
- Improve logging for `csaf_aggregator` when no config file is present HOT 1
- Complete transition to structured logging for aggregator
- Some error messages from loading `provider-metadata.json` are dropped HOT 2
- Race condition on csaf_downloader HOT 1
- Release next minor version (3.1.0)
- Release first pre-release version
- Missing fingerprint in PMD leads to an error HOT 9
- Validation: validate provided CSAF against requirements of specific CSAF profile HOT 1
- Go-Library: Create a Go-structure that can be used to model any csaf-document
- Go-Library: Add the ability to import a csaf-document into a go-structure and export it
- Go-Library: Add the ability for basic modifications to a csaf-document-representing go-structure
- Go-Library: test and create version-strings
- Go-Library: Documentation
- Go-Library: Calculation of cvss values
- Go-Library: add product id where necessary if none are provided
- Go-Library: list corresponding sets of product_identification_helpers and product_ids
- Go-Library: Function to return VEX Mapping
- Go-Library: Calculation of full_prodcut_name_t/name
- Go-Library: Create a method to check whether a go-structure uses valid patterns to be a csaf-document
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from csaf_distribution.