Hi,

On Wed, 2019-11-20 at 12:53 +0100, Mark Wielaard wrote:
> Sure, you could use that if you wanted to share your whole build/source
> trees and don't mind serving any other files on some local network. I
> just think it shouldn't be the default. If you go look for odd paths in
> .debug files you probably will find them. We already know some builds
> generate and/or build files in /tmp or outside the src/builddir.
> 
> I'll look to see what is necessary to make sure none of those leak out
> by default.

The attached is what I came up with.

It simply splits the paths into those scanned for rpms, those scanned
for files and (optional) paths that are extra trusted prefixes for
source files. The paths that are scanned for files are trusted source
prefixes by default. There is a new option to also remove those using
-N, --no-files-sources). And you can switch back to allowing all files
on the file system with -A, --all-sources.

I think this provides a way to do what we both want, it just makes
things a little bit more explicit.

As a bonus it separates scanning trees for files and rpms, so no
unnecessary work is done.

I haven't updated the documentation yet. Let me know what you think
about the patch and I can update the documentation if we agree on the
options/defaults.

Cheers,

Mark