https://sourceware.org/bugzilla/show_bug.cgi?id=32318
Bug ID: 32318
Summary: client should avoid url duplication for different
ima:FOO modes
Product: elfutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: debuginfod
Assignee: unassigned at sourceware dot org
Reporter: fche at redhat dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Even with IMA stuff going into debuginfod/-client in 0.192ish, we can't in good
conscience enable ima:enforcing as a mode for fedora. That's because it's
possibly risky: breaking some downloads if anything's wrong with the signature
data over at the server archive, which could happen due to build system
inconsistencies or other unknown factors. (We don't have a census.)
So in the absence of that certainty, an ima:permissive mode like bug #31842
pleads for could do the job. In the absence of that mode, this would be a way
of emulating it:
DEBUGINFOD_URLS="ima:enforcing https://debuginfod.fedoraproject.org ima:ignore
https://debuginfod.fedoraproject.org";
.... but the debuginfod client code duplicate-eliminates the two occurrences of
the same URL, defeating the purpose. So we need to get the client code to
consider ima mode when dupe eliminating. Let's track this change here.
--
You are receiving this mail because:
You are on the CC list for the bug.
