I think it makes more sense to white list what we actually want to prevent issues like this in the future. I mean if we add code to update-manager to write another log file that ends up containing sensitive information we could end up with another CVE like this.
I think it makes more sense to white list what we actually want to prevent issues like this in the future. I mean if we add code to update-manager to write another log file that ends up containing sensitive information we could end up with another CVE like this.