Open haydentherapper opened 1 year ago
See https://github.com/sigstore/fulcio/blob/main/pkg/server/error.go#L42, all request errors are logged as errors regardless of if it's due to the user (4xx) or server (429, 5xx). This leads to a lot of errors in the logs that are due to malformed JWTs.
We should differentiate between user errors and server errors. User errors should be at most WARN, but for JWT errors, I would remove logging entirely since there's nothing actionable to do.
See https://github.com/sigstore/rekor/blob/924fb3a0a64c8785d5ce8cd908c4299126582133/pkg/types/error.go#L18 as an approach
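The split proposed in the issue, as an added Go example that is not Fulcio's or Rekor's code: token errors are dropped, other 4xx errors log at WARN, and 429/5xx log at ERROR. `RequestError`, `ErrInvalidToken`, `LevelFor`, `LogRequestError` and `Render` are hypothetical names, and the sample errors in `main` are constructed.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"log/slog"
	"net/http"
)

// ErrInvalidToken is a hypothetical sentinel for a malformed or rejected JWT.
var ErrInvalidToken = errors.New("invalid identity token")

// RequestError (hypothetical) pairs an error with the status sent to the client.
type RequestError struct {
	Status int
	Err    error
}

func (e *RequestError) Error() string { return fmt.Sprintf("%d: %v", e.Status, e.Err) }
func (e *RequestError) Unwrap() error { return e.Err }

// LevelFor returns the level to log err at, and false if it should not be logged.
func LevelFor(err error) (slog.Level, bool) {
	var re *RequestError
	if errors.Is(err, ErrInvalidToken) {
		return 0, false // bad caller token: nothing for an operator to act on
	}
	if !errors.As(err, &re) || re.Status == http.StatusTooManyRequests ||
		re.Status < 400 || re.Status >= 500 {
		return slog.LevelError, true // server side, or unclassified
	}
	return slog.LevelWarn, true // remaining 4xx: user error
}

// LogRequestError writes err to logger at the level chosen by LevelFor.
func LogRequestError(logger *slog.Logger, err error) {
	if lvl, ok := LevelFor(err); ok {
		logger.Log(context.Background(), lvl, "request failed", "err", err.Error())
	}
}

// Render logs errs to an in-memory text handler and returns what was written.
func Render(errs ...error) string {
	var buf bytes.Buffer
	logger := slog.New(slog.NewTextHandler(&buf, nil))
	for _, err := range errs {
		LogRequestError(logger, err)
	}
	return buf.String()
}

func main() { // constructed sample errors
	fmt.Print(Render(&RequestError{401, ErrInvalidToken},
		&RequestError{400, errors.New("malformed CSR")},
		&RequestError{500, errors.New("CA backend unavailable")}))
}
```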