Developer's path and username is persisted in the error stack

I noticed in my error stack traces paths like:

[2] top-level scope at /Users/sabae/buildbot/worker/package_macos64/build/usr/share/julia/stdlib/v1.2/Test/src/Test.jl:1113

First, this path is not correct: it’s not a path on my system, so the information has 0 value.

Second, I’m concerned with the potential privacy implications of this. It’s easy to guess that sabae is Elliot Saba, for example.

As Julia is adopted into enterprise this can lead to possible security breaches (revealing paths and usernames on computers which can be available on the network) or privacy issues (maybe somebody can not / is not allowed / does not want to be associated with a codebase).

2 Likes

The first issue is well known, and there is at least one issue open on the issue tracker for it.

I can’t see how the second issue is a problem, unless you’re dumping error stacktraces to your users (which for a webservice, one should never do in prod). Admittedly, Mux does this, however I have a PR open to make it easy to change.

Great to hear it!