Pulumi: Too much information is leaked about the git repository

Created on 21 Sep 2020 · 5 Comments · Source: pulumi/pulumi

Git information uploaded to the pulumi website currently contains

git.author          Me
git.author.email    my@email
git.committer       Me
git.committer.email my@email
git.head            a6f1609eda40019363bffbd5384927ba40ca7519
git.headName        refs/heads/master

The author and committer are completely unnecessary there, since all of that can
already be found from the repository using the commit hash. I think there is
no reason to leak the information to the website.

area/cli good-first-issue kind/bug

All 5 comments

Hi, I can pick this up if this is still open

Hi @cvhariharan

I'd love a PR that fixes this up 👍

The relevant code can be found around line 190 in pkg/backend/stack.go

P.

@stack72 Correct me if I am wrong or missing something. These lines seem to be the issue. Removing the GitAuthor and GitCommitter from here should fix the issue.

@cvhariharan you are correct! Apologies for the incorrect info here

Thanks for the issue report, and @cvhariharan for the patch. I left some comments on the pull request, but wanted to add more info here too.

Including the commit author information along with a Pulumi update's metadata is useful, since it allows the Pulumi backend to know _who_ actually pushed the code. It is true that the information could be obtained from the source git repo by knowing the source hash, but I'd argue that it makes it more difficult to implement Pulumi backends.

The hosted backend, https://app.pulumi.com, can be replaced with another system to store your update data. Today we support file-based backends but over time there will be other high-quality options available to developers. For example, https://github.com/pulumi/pulumi/issues/5632 tracks persisting the data in a SQL database.

The problem with omitting the commit authors is that doing so then requires the Pulumi backend to have read-access to the source repo in order to answer the question who wrote the code that was used for the update. For a hosted service like http://app.pulumi.com it just means adding additional authorizations/permissions, but if the backend is only communicating with a SQL database then it essentially can't answer that question.

So I think we should continue to add the commit author/committer information in update metadata by default. However, it would be very reasonable to have an opt-out mechanism, since the information isn't required for Pulumi to manage infrastructure, but rather is just included to help describe the context for a given update.
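
A sketch of the opt-out discussed in the last comment, as an added example that is not Pulumi's own code. The metadata keys are the ones listed in the report; `parseOptOut`, `filterMetadata` and the opt-out setting itself are hypothetical names.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
)

// Keys as listed in the report; these four name a person, git.head/git.headName do not.
var identityKeys = map[string]bool{
	"git.author": true, "git.author.email": true,
	"git.committer": true, "git.committer.email": true,
}

// parseOptOut reads a hypothetical opt-out setting (not a real Pulumi option). Empty keeps
// the default (identity included); a typo is an error rather than a silent upload.
func parseOptOut(raw string) (bool, error) {
	if raw == "" {
		return false, nil
	}
	v, err := strconv.ParseBool(raw)
	if err != nil {
		return false, fmt.Errorf("invalid opt-out value %q: %w", raw, err)
	}
	return v, nil
}

// filterMetadata returns a copy of env to upload, plus the sorted keys that were withheld.
func filterMetadata(env map[string]string, optOut bool) (map[string]string, []string) {
	kept := make(map[string]string, len(env))
	var dropped []string
	for k, v := range env {
		if optOut && identityKeys[k] {
			dropped = append(dropped, k)
			continue
		}
		kept[k] = v
	}
	sort.Strings(dropped)
	return kept, dropped
}

func main() {
	env := map[string]string{"git.author": "Me", "git.head": "a6f1609"} // constructed sample
	if optOut, err := parseOptOut("true"); err == nil {
		kept, dropped := filterMetadata(env, optOut)
		fmt.Println(kept, dropped)
	}
}
```

Returning the withheld keys lets the client log exactly what was not sent, so the absence of author data on the backend can be traced to the opt-out rather than to a collection failure.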
