Eventlog framework outputs environment variables which may cause a security issue
The eventlog framework currently writes all environment variables to the eventlog file. This may cause a security issue, as some external tools expect the user to set credentials in environment variables. It's possible for the user to publish an eventlog which contains credentials without knowing it.
In general it's not a good idea to set credentials in environment variables, but I think GHC should stop writing environment variables to the eventlog implicitly and this feature should be opt-in.
I'm not sure if this feature is widely used or if we can just drop it. If it's used to some extent, maybe we can provide a function that does this job in a library.
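
A pre-publication check for the leak described above, as an added example that is not part of the original report or of GHC's code: it scans an eventlog file for `NAME=value` strings whose names look like credentials and reports the names without printing the values. It assumes the variables are stored in the file as plain byte strings; the name patterns and the sample bytes are constructed for illustration.

```python
import re

# Runs of the form NAME=value made of printable ASCII. Assumption: the eventlog
# stores each variable as a raw byte string, so a strings-style scan finds it.
ENV_RUN = re.compile(rb"([A-Za-z_][A-Za-z0-9_]*)=([\x20-\x7e]*)")

# Name fragments that commonly mark credentials (illustrative; extend locally).
SENSITIVE = re.compile(
    r"TOKEN|SECRET|PASSW|CREDENTIAL|API_?KEY|ACCESS_KEY|PRIVATE_KEY", re.I)


def find_env_strings(data: bytes):
    """Return (offset, name, value) for every NAME=value run in data."""
    return [(m.start(), m.group(1).decode(), m.group(2).decode())
            for m in ENV_RUN.finditer(data)]


def find_sensitive(data: bytes):
    """Return (offset, name) for non-empty variables with credential-like names."""
    return [(off, name) for off, name, value in find_env_strings(data)
            if value and SENSITIVE.search(name)]


def scan_file(path: str):
    """Scan an eventlog file on disk; the values themselves are never returned."""
    with open(path, "rb") as fh:
        return find_sensitive(fh.read())


# Constructed sample: filler bytes around four NUL-terminated variables.
SAMPLE = (b"hdrb\x00\x1f\x00\x2a"
          b"HOME=/home/dev\x00"
          b"AWS_SECRET_ACCESS_KEY=EXAMPLEONLY\x00"
          b"LANG=C.UTF-8\x00"
          b"GITHUB_TOKEN=constructed-value\x00"
          b"\x00\x01hdre")

if __name__ == "__main__":
    import sys
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_sensitive(SAMPLE)
    for off, name in hits:
        print(f"offset {off}: {name} (value withheld)")
    sys.exit(1 if hits else 0)  # non-zero exit lets a publish script refuse the file
```

A clean result only means no credential-like name was found; a secret held under an innocuous variable name still needs manual review.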