If a git command fails, the full contents of env vars may be printed to git-clone logs, including secrets (access tokens, etc.). This is not desirable.
This seems to be a direct effect of these lines in env-pass.sh.
|
# Redirect to stderr so as to not interfere with the stdout needed for username/password prompts |
|
printenv >&2 # Do not try echo "$GIT_PREFIX", it doesn't seem to be inherited by this process |
@sgaist Do we print the environment just for debugging?
If a git command fails, the full contents of env vars may be printed to
git-clonelogs, including secrets (access tokens, etc.). This is not desirable.This seems to be a direct effect of these lines in
env-pass.sh.amalthea/env-pass.sh
Lines 6 to 7 in aa94b0b
@sgaist Do we print the environment just for debugging?