I would say that the password example should be logged at most as an
INFO message, so one shouldn’t normally receive a message for that (not sure if it’s actually the case, I have to check the source code).
Theoretically one could modify the
[handlers] > email section in
logging.yaml and add a filter that only leaves specific messages in. The problem is that filters cannot be specified in a declarative way (see this post, for instance). A hack would be to create your own Python module containing your filter’s code and make it available from the virtualenv where Indico is installed.
If someone has ideas for a better way to manage this in the future (while stil making use of the
logging module), suggestions are welcome