In the GitHub diagnostic logs, the runner logs information that can be considered "Personally-Identifiable" (e.g. names, emails), either from the GitHub context, or from the regular info/warning/debug messages.
@patrickcarnahan made a good point on exploring the need to scrub PII data out of the logs:
GH will (likely) eventually want the same types of certifications that MS has for data sovereignty, right to be forgotten, etc, as some customers may depend on these types of features and certifications to use the products.
This issue tracks the effort of figuring out what sort of information we need to scrub in order to comply with such certifications.
In the GitHub diagnostic logs, the runner logs information that can be considered "Personally-Identifiable" (e.g. names, emails), either from the GitHub context, or from the regular info/warning/debug messages.
@patrickcarnahan made a good point on exploring the need to scrub PII data out of the logs:
This issue tracks the effort of figuring out what sort of information we need to scrub in order to comply with such certifications.