From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 54969 invoked by alias); 21 Nov 2019 15:58:00 -0000 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: elfutils-devel-owner@sourceware.org Received: (qmail 54952 invoked by uid 89); 21 Nov 2019 15:58:00 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1 spammy=HX-Languages-Length:1585, act, you! X-Spam-Status: No, score=-3.2 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: us-smtp-delivery-1.mimecast.com Received: from us-smtp-2.mimecast.com (HELO us-smtp-delivery-1.mimecast.com) (205.139.110.61) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 21 Nov 2019 15:57:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1574351877; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fPZtsRfEXykqsXWFMVLtRpC2O54IQTEY3GjA/37uwFg=; b=BYyezXJh6Gkm1/TQd95rn88Rzc1eSEF1xJpM934OEtVx5MC0dzGYbD6QLrXcFaHVSSjZ6b 3KSUnwgmRXwS53LbhHI5WSD6TB1fXfis1saS2OkyPWwGagIebQxabx+jhYEnvF5PBPxiXY 3wWKDKnnsOwh6OGmOgy0TOI/omXSxGc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-102-2LUojYUXM4mI9jc0BCucYg-1; Thu, 21 Nov 2019 10:57:54 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 09230802D52; Thu, 21 Nov 2019 15:57:53 +0000 (UTC) Received: from redhat.com (ovpn-116-19.phx2.redhat.com [10.3.116.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DD769106F95C; Thu, 21 Nov 2019 15:57:52 +0000 (UTC) Received: from fche by redhat.com with local (Exim 4.92) (envelope-from ) id 1iXoq7-0005cV-8n; Thu, 21 Nov 2019 10:57:51 -0500 Date: Thu, 21 Nov 2019 15:58:00 -0000 From: "Frank Ch. Eigler" To: Mark Wielaard Cc: elfutils-devel@sourceware.org, amerey@redhat.com Subject: Re: patch 2/2 debuginfod server etc. Message-ID: <20191121155751.GE12001@redhat.com> References: <8d0b26865cc18838c24ea57c09f4ee5af713af16.camel@klomp.org> <20191114122953.GC873@redhat.com> <20191118184108.GC2880@redhat.com> <52e9358695f8486af6e4e467660c971a1e97c02f.camel@klomp.org> <20191119161348.GB4911@redhat.com> <20191119201128.GA3494@wildebeest.org> <20191119211503.GF4911@redhat.com> <7f1273e6dbfd52b95e9f8e86f6096fe46e800745.camel@klomp.org> <770d563fc3cb0681678c919024edcd5ce13d874a.camel@klomp.org> MIME-Version: 1.0 In-Reply-To: <770d563fc3cb0681678c919024edcd5ce13d874a.camel@klomp.org> User-Agent: Mutt/1.12.0 (2019-05-25) X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-MC-Unique: 2LUojYUXM4mI9jc0BCucYg-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-IsSubscribed: yes X-SW-Source: 2019-q4/txt/msg00198.txt.bz2 Hi - > It simply splits the paths into those scanned for rpms, those scanned > for files and (optional) paths that are extra trusted prefixes for > source files. The paths that are scanned for files are trusted source > prefixes by default. There is a new option to also remove those using > -N, --no-files-sources). And you can switch back to allowing all files > on the file system with -A, --all-sources. If the perceived problem is that build tree scans (-F) may contain binaries that refer to source files that are not appropriate for later sharing, then IMO this is too much change, and unnecessarily complicates other valid usage. If you are certain that source file censorship needs to be in the code, I'd do it instead by adding just one option -S PATH to the code, which would act like a whitelist for -F source file retrievals. (There is no point to filtering -R rpm source files; those are only serviced from other indexed RPMs.) So: debuginfod -S /usr/src/debug -S /usr/include -F PATH1 PATH2 ... PATHn would restrict -F source service to the given paths, and debuginfod -F PATH1 PATH2=20 would not, because normal people have trustworthy build systems etc. If you like, the above two -S paths can be made part of the default for the debuginfod.service. There is no need to compile-in a restrictive default (such as making the non-S case mean "no source for you!"), because there is no compiled-in default for any file paths to search, so this issue just does not arise. Would you like me to prototype this quickly? - FChE