I get the impression that often it isn't laziness but the concept that error det...

EvanAnderson · 2026-03-08T18:50:14 1772995814

In a message returned by a server to a client I suppose it's defensible. For writing to syslog, event log, a log file, etc, it's not.

superjan · 2026-03-08T20:39:53 1773002393

Yeah, along those lines we have requirements on never logging PII, and not logging anything that potentially contains PII, such as folder names.

justinclift · 2026-03-08T23:03:53 1773011033

Maybe tokenise the PII part of the folder name when outputting it?

ie `$HOME`/.config/foo/stuff.cfg` rather than `/home/joebloggs/foo/stuff.cfg`?

Terr_ · 2026-03-08T23:13:17 1773011597

Or have an encrypted data portion, so that the sensitive details can be revealed as-needed, and redaction occurs by rotating a key.

Obviously that depends on the messages being infrequent in production logging levels.