Hi -

> [...] What I want is simply make it easy for the user to say where
> they expect the sources are. So there are no surprises.

If this were a mandate, it would be a hassle, for any build that's
more than one directory wide.

> > The -F mode is suitable for sharing build trees. By definition, the
> > content is going to be up to the runtime whims of the system, because
> > even non-/usr/include files may change between one build and the next.
> > This is okay, it is just like running gdb on an older binary when the
> > source trees have changed. (We even propagate mtimes to the client,
> > so gdb can notice it the same way as if it were local.)
>
> -F mode does indeed seem suitable for sharing local build trees. If
> we add a big warning about it possibly sharing all local files.

OK, will add a cautionary blurb to the man page.

> > The compiled-in default for the binary is off. The systemd service
> > default, it happens to be on, but it's configured to serve only
> > privileged directories that people with bad compilers cannot sneak
> > binaries into. People running personal servers can/should use -F as
> > they see fit. In the context of a normal workgroup - it's fine.
>
> So -F seems fine for the latter, just not for the former.

IMHO, even the former seems okay and even desirable:

    debuginfod -F /usr/lib/debug

is a safe & easy way to relay the contents of all the debuginfo rpms
that were installed, to nearby clients. All those binaries come from
packages/distros, so are at least as high quality & trustworthiness as
the user's own. Again I offer to do an audit of some distro debuginfo
that all their source refs are milquetoast like /usr/include or
/usr/src/debug.

> > System certs do not serve to authenticate clients. Client
> > certificates are per-user things that come with their own management
> > headaches. Will think about authentication matters in the future.
>
> I thought ca-certificates.crt were normally used to authenticate
> remote servers.

ca-certificates.crt types of files (or /usr/share/pki/ files) are the
trust roots for validating the *servers'* certificates. They are
generally provided by the distro, so can't possibly serve as unique
*client* authentication.

- FChE