Return-Path: 
 <dev-return-87550-apmail-cloudstack-dev-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-dev-archive@www.apache.org
Delivered-To: apmail-cloudstack-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C870D1823F
	for <apmail-cloudstack-dev-archive@www.apache.org>;
 Sun,  3 Jan 2016 18:35:35 +0000 (UTC)
Received: (qmail 70121 invoked by uid 500); 3 Jan 2016 18:35:35 -0000
Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org
Received: (qmail 70061 invoked by uid 500); 3 Jan 2016 18:35:35 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 70047 invoked by uid 99); 3 Jan 2016 18:35:35 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 03 Jan 2016 18:35:35 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id D32D4DFCDF; Sun,  3 Jan 2016 18:35:34 +0000 (UTC)
From: DaanHoogland <git@git.apache.org>
To: dev@cloudstack.apache.org
Reply-To: dev@cloudstack.apache.org
References: <git-pr-1152-cloudstack@git.apache.org>
In-Reply-To: <git-pr-1152-cloudstack@git.apache.org>
Subject: [GitHub] cloudstack pull request: CLOUDSTACK-9099: SecretKey is
 returned fr...
Content-Type: text/plain
Message-Id: <20160103183534.D32D4DFCDF@git1-us-west.apache.org>
Date: Sun,  3 Jan 2016 18:35:34 +0000 (UTC)

Github user DaanHoogland commented on the pull request:

    https://github.com/apache/cloudstack/pull/1152#issuecomment-168527559
  
    @kansal I don't agree that making noise first is the way to go. We should disable the return of the key first and document it. Security demands that we play it that way. We can allow users to enable this insecure bahaviour by setting a flag somewhere but it should not be default and catch the unaware users of guard. It will be work in the integration tests but that just will have to happen.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---