Clarify PII-related Breaking Change in v1.6.0

Question

Clarify PII-related Breaking Change in v1.6.0

tooolbox opened this issue 4 years ago · comments

I saw the release of v1.6.0 which states:

The errors.New(), errors.NewWithDepth(), errors.Wrap() and
errors.WrapWithDepth() now consider their string argument as
PII-free, and the string is now also included in Sentry reports.

What I get is that the string arguments to these functions are not expected to have PII in them and therefore will not be redacted when submitting to Sentry.

This is a breaking change if your code uses the included
Sentry reporting: in previous versions, only the format
argument to errors.Newf, errors.Wrapf etc was considered to be
PII-free and non-reportable. With the new version, more strings
are reportable.

This seems contradictory. PII-free and non-reportable? You mean PII-free and reportable?

The readme may require some updating: https://github.com/cockroachdb/errors#providing-pii-free-details

Also, some more examples in that section would be appreciated if you have the time. The listing is very detailed, but some concrete examples wouldn't be remiss, i.e. showing some mock code that is handling user data, it encounters an error, and how the error is wrapped and returned and detailed and telemetried such that it provides context without PII. I'm also curious what differentiation you make between Sentry reports and plain old log files.

Thanks for the great stewardship!

Raphael 'kena' Poss · Answer 1 · Thu Aug 20 2020 20:41:25 GMT+0800 (China Standard Time)

I saw the release of v1.6.0 which states: [..]
What I get is that the string arguments to these functions are not expected to have PII in them and therefore will not be redacted when submitting to Sentry.
[...]
This seems contradictory. PII-free and non-reportable? You mean PII-free and reportable?

Good comment. Changed this as follows:

Let me know if this needs to be enhanced further.

The readme may require some updating: cockroachdb/errors#providing-pii-free-details

good point, will do

Also, some more examples in that section would be appreciated if you have the time. The listing is very detailed, but some concrete examples wouldn't be remiss,

I think I'd prefer to do this with a series of blog posts. Also I have a new test engine coming which will do a better job of explaining by example. Will ping you on this.

Raphael 'kena' Poss · Answer 2 · Thu Aug 20 2020 22:50:47 GMT+0800 (China Standard Time)

good point, will do

Done

Matt Mc · Answer 3 · Fri Aug 21 2020 02:46:18 GMT+0800 (China Standard Time)

Good comment. Changed this as follows:

Definitely more clear, thanks.

Done

The README looks great and I have a much better concept on the PII handling!

I think I'd prefer to do this with a series of blog posts. Also I have a new test engine coming which will do a better job of explaining by example. Will ping you on this.

Awesome, looking forward to it.