This tracing may cause a security issue as some external tools
out there expects user to set credentials in environment variables.
As I mentioned in the ticket if this feature was not used widely we could consider just dropping it. Since it has never been useful to me, I assumed there was not much use for it. Of course this assumption could be wrong.
If we were to make this opt-in, there would be a few ways to do it:
- Add a RTS flag to enable this feature: -le or something like that.
- We need to think whether or not it should be included in +RTS -la. I'd say this shouldn't be included but it complicates the flag semantics.
- Drop it from GHC RTS and provide a library to do it.
- This requires access to source code to use the feature, which is not an option if the program is closed source.
I'm not sure if my assumption is correct but my gut feeling is that we can live without the feature. What do you think?