On Fri, Mar 25, 2022 at 11:36 AM Patrick Matthäi <patr...@linux-dev.org> wrote: > > Hello Andreas,
Hello Patrick, > > a) remove fuse build-depends and Depends, since they are not needed > > b) either disable fusermount-glusterfs, or install it suid root, or > > leave it as is, but document that for it to work the admin needs to > > chmod u+s that binary and use dpkg-statoverride to not lose that > > during upgrades. > What would be your favorite for b)? I think I would prefer (b) + document that if the user wants unprivileged mounts to work, they need to make the helper suid root, and it should be a local site decision, not a packaging one. Where to document, I think a README.Debian is best. In fact, I got feedback from our security team strongly advising against making that helper suid root in the packaging :) The fact that no-one filed a bug about not being able to do unprivileged gluster mounts yet I think means either it's not used, or people know how to fix it. But packaging wise it's ok and better without the suid root. > > It would be helpful if you could double check my findings, and then > > maybe we could drop the fuse build-depends and depends? Unless I > > overlooked something. > Looks fine and I think you are more in this topic than myself now :D About the build deps, I kept them in Ubuntu, as they are not introducing bugs or other problems for us at the moment, but I still think they are not needed.